Security Training Seminars An integral part of The Open Group Security Programme

(1)

Security Training Seminars

An integral part of The Open Group Security

Programme

Dean Adams

Director, Security & Electronic Commerce

(2)

Agenda Check!

j

_{Brief Overview of Security Program}

Key Projects

Introduction to Security Training

Seminars

(3)

Scope of Program

•

For organisations implementing innovation in Security &For organisations implementing innovation in Security & Electronic Commerce, the security program aims to:

Electronic Commerce, the security program aims to:

–

reduce business risks

–

reduce business costs

–

improve competitiveness

•

Support for a secure infrastructure at 3 levels:Support for a secure infrastructure at 3 levels:

–

Internet

–

Enterprise-wide network (Intranet)

(4)

The IT

The IT DialTone

DialTone

Core Information Exchange Application Services Location Services Transaction Processing Management Services Service Qualities Security Manageability Interoperability International Operation Scalability Portability Service Qualities Security Manageability Interoperability International Operation Scalability Portability

(5)

Scope of Program

Business Requirements

identification, definition & prioritisation

Business Requirements

identification, definition & prioritisation

Generating, Participating-in & Monitoring Technical Developments Standards, Collaborative Technology & Pilot Trials

Generating, Participating-in & Monitoring Technical Developments

Standards, Collaborative Technology & Pilot Trials

Defining Branding Programs supported by testing

Defining Branding Programs

supported by testing

Support in the Marketplace

Launch, communications, integration, training, procurement

Support in the Marketplace

Launch, communications, integration, training, procurement

Product Developments & Industry Trends

(6)

Scope of Program - evolution

Standards

Testing

Testing Brand_Brand

Development Partnerships

Development

Partnerships ConsultancyConsultancy TrainingTraining

Peer Networking Peer Networking Pilot Trials Pilot Trials Market Requirements Market Requirements

•

Aim to provide a full service range to our partnersAim to provide a full service range to our partners

–

major system vendors, application & middleware providers, end-user organizations

–

mutually supportive activities, no “throw over the wall” attitude

(7)

Conformance & The Brand

•

Enforced by theEnforced by the

X/Open Trade Mark Licence Agreement

–

It conforms to the Standard

–

It will continue to conform

–

Any problems, fixed by

the supplier within set time

Guaranteed by the supplier

Brand can be taken away !

(8)

Agenda Check!

Brief Overview of Security Program

j

_{Key Projects}

Introduction to Security Training

Seminars

(9)

Distributed Security Framework

-

- (an application programmer’s view)(an application programmer’s view)

Common Security Services Specific Mechanism Modules Eg. Kerberos SESAME CryptoKnight ETC. As Appropriate Users of Security

Services System Services_{(e.g. network, file-system, database, etc.)}

Applications

Distributed Authentication

Key & Cert Management Cryptographic

Services Distributed

Audit

(10)

Common Architecture for PKI

•

Defines, characterises, integrates, positions,Defines, characterises, integrates, positions, components of a PKI

components of a PKI

•

Based on use of X509.v3 (due to overwhelmingBased on use of X509.v3 (due to overwhelming

recommendation from customer community) but does

not preclude use of other approaches (e.g. SDSI)

•

Provides for, but does not mandate Key RecoveryProvides for, but does not mandate Key Recovery

•

Drafts available publicly via web serverDrafts available publicly via web server

•

References and integrates specifications from otherReferences and integrates specifications from other sources

sources

(11)

Business decisions and Regulatory

Framework establish trust relationships

CA CA CA CA CA CA CA CA CACA CA CA CA CA CA CA CA CA CA CA CA CA CA CA CA_CA

Allow for hierarchical structure, direct relationships,

and web-of-trust relationships as deemed appropriate for individual circumstances.

• Do not Dictate

(12)

Business Decisions and Regulatory

Framework establish

separation/combination of Role

RA RA RA RA CA CA RA RA RA_RA CA CA CA CA RA RA RA RA RA RA RA_RA RA_RA RA_RA RA_RA RA_RA

. . .

Registration Authorities can be local to user (e.g. lawyers office, local chamber of commerce. Can offer services from multiple competing CA services (act as broker),

(13)

CDSA

•

Canadian Dam Safety AssociationCanadian Dam Safety Association

•

Canadian Deaf Sports AssociationCanadian Deaf Sports Association

•

Comprehensive Digestive Stool AnalysisComprehensive Digestive Stool Analysis

A search on the Internet reveals

But since this is a

security presentation

•

(14)

Common Data Security Architecture

(CDSA)

•

For applications and services in a PKI environmentFor applications and services in a PKI environment

–

Coherent architecture

–

Comprehensive set of services

•

Originally submitted by Originally submitted by IntelIntel

–

Revision and addition from PKI Task Group

•

Intel, IBM, Netscape, Entrust, Trusted InformationIntel, IBM, Netscape, Entrust, Trusted Information Systems

Systems prepared revised specifications prepared revised specifications

–

Fast-Track adoption

•

(15)

CDSA Fast Track

•

Formal review & comment period completedFormal review & comment period completed

–

final version being prepared for publication

–

formal approval

•

Publish final standard - awaiting completion of legalPublish final standard - awaiting completion of legal procedures

procedures

•

Test suites in developmentTest suites in development

•

Brand (certification scheme) definition and supportingBrand (certification scheme) definition and supporting processes being developed

processes being developed

•

(16)

Common Data Security Architecture - CDSA

Certificate Library Common Security Services Manager Security Add-in Modules Cryptographic Service Provider Trust Model Library CSSM Security API CSP Manager

SPI TPI CLI DLI

TP Module Manager CL Module Manager DL Module Manager Data Storage Library EMI Elective Module Mgr New Category of Service EM-API System Security Services Middleware Language Interface Adapter Layered Services Tools Applications in Java Applications in C++ Applications in C Method Wrapper

(17)

Single Sign-On

•

To support distributed heterogeneous enterprise-wideTo support distributed heterogeneous enterprise-wide network

network

•

Completed so far:Completed so far:

–

Pluggable Authentication Modules (PAM)

• publicly available on web server

•

In the pipeIn the pipe

–

Account Management built on LDAP based schema

(18)

Agenda Check!

Brief Overview of Security Program

Key Projects

j

_{Introduction to Security Training}

Seminars

(19)

Security Training Seminars

•

New !New !

–

Starts here in Amsterdam, establish as regular feature

•

Integral part of Security ProgramIntegral part of Security Program

–

supporting standardization and collaborative technology initiatives in the field

•

Aims:Aims:

–

practical advice of obvious value to the business

–

short to medium term tactical advice

–

medium to long term strategic advice

(20)

Security Training Seminars

•

Managing:Managing:

–

Dr. Phil Holmes

•

background in education, information management and publishing

–

Rob Tate

•

background in practical commercial consultancy

•

Security Training AllianceSecurity Training Alliance

–

proposal for alliance of training partners

–

working under common marketing banner

(21)

Security Survival

An Indispensable Guide to Securing Your Business

Obtain from:

–

Prentice-Hall

Regular & Internet

http://www.prenhall.com

–

The Open Group

Regular & Internet

http://www.opengroup.org

–

Amazon Internet only http://www.amazon.com

Security

Survival

An indispensable guide to securing your business Essential advice for users and managers Helps prepare you for net security Your guide to System Security

(22)

Our Speakers Today

•

Stan Dormer, (Aid to Industry)Stan Dormer, (Aid to Industry)

–

30 years in IT and auditing

–

co-founder of COMPACS conferences now in 21st year

•

Pierre Noel (The Open Group)Pierre Noel (The Open Group)

–

practical expertise in DCE, security, Single Sign On open transaction processing, and distributed systems

(23)

Rules of Engagement

•

Not a working group meetingNot a working group meeting

–

Panel Question & Answer Session

•

Feel free to provide feedback toFeel free to provide feedback to Phil Holmes and Rob Tate

Phil Holmes and Rob Tate

–

either personally or via evaluation forms

–

content, quality, suggestions for future topics

–

interest in The Security Training Alliance

•

Further opportunity for one on oneFurther opportunity for one on one

discussion at the reception for interested parties