Thursday 6 September 2007
Gartner Hype Cycle for Information Security 2007
This shows that Gartner believes that model driven security is a critical technology approach to simplify enterprise security.
We believe that model driven security plays an important role for securing middleware environments, especially where model driven engineering (or MDA) is used (see www.securemda.com).
This blog is a public forum and we welcome any views on this.
Friday 27 July 2007
ZDnet discussion
http://talkback.zdnet.com/5208-12408-0.html?forumID=1&threadID=27594&messageID=674416&start=-9996
Middleware definition
(http://www.cl.cam.ac.uk/TechReports/UCAM-CL-TR-564.pdf)
Middleware security - setting the scene
Security for middleware in larger IT environments is often important because confidential information is sent around between users and applications. The main security issues are (in our opinion):
1. security mechanisms for message protection, client/target authentication, token transfer etc. (this is the easy bit, see CORBAsec as an example)
2. central security management
2.1. identity management: federated identity management has been proposed and is being used (this is the easier half of security management)
2.2. access management: solutions such as http://www.openpmf.com/ are available (please post other products in the comments and I will weave them in). Simplifying the management complexity is one of the main issues here.
2.3. central compliance monitoring
3. non-repudiation: this is a big question mark I think
4. accreditation: how to accredit a middleware based system (e.g. common criteria) if you don't know the deployment scenario?
I'm sure there is more, please comment.
Thursday 26 July 2007
Secure middleware or SecureMiddleware
Are you looking for SecureMiddleware, the secure CORBA Component Model implementation? If so, please visit:
www.securemiddleware.com
Otherwise, please stay tuned for the discussion. Postings by anyone are welcome; this is intended as an open forum.