Security for middleware in larger IT environments is often important because confidential information is sent around between users and applications. The main security issues are (in our opinion):
1. security mechanisms for message protection, client/target authentication, token transfer etc. (this is the easy bit, see CORBAsec as an example)
2. central security management
2.1. identity management: federated identity management has been proposed and is being used (this is the easier half of security management)
2.2. access management: solutions such as http://www.openpmf.com/ are available (please post other products in the comments and I will weave them in). Simplifying the management complexity is one of the main issues here.
2.3. central compliance monitoring
3. non-repudiation: this is a big question mark I think
4. accreditation: how to accredit a middleware-based system (e.g. Common Criteria) if you don't know the deployment scenario?
I'm sure there is more, please comment.