tag:blogger.com,1999:blog-34521975144665967562024-03-08T04:34:47.186-08:00SECUREMIDDLEWARE.ORGOn this blog we will discuss middleware security, including any type of middleware.
LOOKING FOR SECUREMIDDLEWARE, THE SECURE CORBA COMPONENTS IMPLEMENTATION? IF SO, PLEASE VISIT WWW.SECUREMIDDLEWARE.COM OR WWW.OBJECTSECURITY.COMDr. Ulrich Lang, CEO, ObjectSecurityhttp://www.blogger.com/profile/13178321643262725698noreply@blogger.comBlogger6125tag:blogger.com,1999:blog-3452197514466596756.post-69604782438281399362007-09-06T07:48:00.000-07:002007-09-06T07:49:25.852-07:00Gartner Hype Cycle for Information Security 2007Gartner has just released their new Hype Cycle for Information Security 2007, and model driven security is on it. ObjectSecurity's OpenPMF 2.0 (<a href="http://www.openpmf.com/">www.openpmf.com</a>) has been identified as aleading product in this emerging area.<br /><br />This shows that Gartner believes that model driven security is a critical technology approach to simplify enterprise security.<br /><br />We believe that model driven security plays an important role for securing middleware environments, especially where model driven engineering (or MDA) is used (see <a href="http://www.securemda.com/">www.securemda.com</a>).<br /><br />This blog is a public forum and we are welcoming any views on this.Dr. Ulrich Lang, CEO, ObjectSecurityhttp://www.blogger.com/profile/13178321643262725698noreply@blogger.com0tag:blogger.com,1999:blog-3452197514466596756.post-32167398150040971072007-07-27T03:53:00.000-07:002007-07-27T03:54:17.795-07:00Related blogsThere are some related blogs:<br /><br /><a href="http://www.trustedsoa.org/">www.trustedsoa.org</a><br /><a href="http://www.modeldrivensecurity.org/">www.modeldrivensecurity.org</a>Dr. Ulrich Lang, CEO, ObjectSecurityhttp://www.blogger.com/profile/13178321643262725698noreply@blogger.com0tag:blogger.com,1999:blog-3452197514466596756.post-67551439141432914512007-07-27T03:50:00.001-07:002007-07-27T03:51:00.632-07:00ZDnet discussionThere is a related discussion about middleware security and central security management at:<br /><br /><a href="http://talkback.zdnet.com/5208-12408-0.html?forumID=1&threadID=27594&messageID=674416&start=-9996">http://talkback.zdnet.com/5208-12408-0.html?forumID=1&threadID=27594&messageID=674416&start=-9996</a>Dr. Ulrich Lang, CEO, ObjectSecurityhttp://www.blogger.com/profile/13178321643262725698noreply@blogger.com0tag:blogger.com,1999:blog-3452197514466596756.post-63072002779285251752007-07-27T03:33:00.001-07:002007-07-27T03:48:39.807-07:00Middleware definitionFor now, the term will be used for software that resides between an application and the inner workings of the system hosting the application, and that abstracts the complexities of the underlying technology from the application layer. In particular, middleware automatically handles all communications related to invocations between client and target applications, and supports application portability, mechanism flexibility, interoperability, and scalability.<br />(<a href="http://www.cl.cam.ac.uk/TechReports/UCAM-CL-TR-564.pdf">http://www.cl.cam.ac.uk/TechReports/UCAM-CL-TR-564.pdf</a>)Dr. Ulrich Lang, CEO, ObjectSecurityhttp://www.blogger.com/profile/13178321643262725698noreply@blogger.com0tag:blogger.com,1999:blog-3452197514466596756.post-41926247077108209672007-07-27T03:33:00.000-07:002007-07-27T03:51:38.296-07:00Middleware security - setting the sceneThis blog is about the issues, benefits, opportunities etc. of middleware security. We assume for now that middleware is software such as Web services, CORBA/CCM, JavaEE, OSGi and others (please extend the scope of this blog as needed).<br /><br />Security for middleware in largeer IT environments is often important because confidential information is sent around between users and applications. The main security issues are (in our opinion):<br /><br /><p>1. security mechanisms for message protection, client/target authentication, token transfer etc. (this is the easy bit, see CORBAsec as an example) </p><p>2. central security management </p><p>2.1. identity management: federated identity management has been proposed and is being used (this is the easier half of security management)<br />2.2. access management: solutions such as <a href="http://www.openpmf.com/">http://www.openpmf.com/</a> are available (please post other products in the comments and I will weave them in). Simplifying the management complexity is one of the main issues here. </p><p>2.3. central compliance monitoring </p><p>3. non-repudiation: this is a big questionmark I think </p><p>4. accreditation: how to accredit a middleware based system (e.g. common criteria) if you don't know the deployment scenario?</p><p></p><p>I'm sure there is more, please comment.</p>Dr. Ulrich Lang, CEO, ObjectSecurityhttp://www.blogger.com/profile/13178321643262725698noreply@blogger.com0tag:blogger.com,1999:blog-3452197514466596756.post-85683604061934968362007-07-26T13:29:00.000-07:002007-07-26T13:31:44.908-07:00Secure middleware or SecureMiddlewareHello!<br /><br />Are you looking for SecureMiddleware, the secure CORBA Component Model implementation? If so, please visit:<br /><br /><a href="http://www.securemiddleware.com/">www.securemiddleware.com</a><br /><br />Otherwise, please stay tuned for the discussion. Postings by anyone are welcome, this is intended as an open forum.Dr. Ulrich Lang, CEO, ObjectSecurityhttp://www.blogger.com/profile/13178321643262725698noreply@blogger.com0