The Open Group
11 Cambridge Center
Cambridge, MA


The Open Group and The Securities Industry Middleware Council Announce Security Solution for Wall Street

Integrating Smart Cards and DCE

For Immediate Release

Thursday, June 04, 1998

Contact: Sally Long, DCE Program Manager
The Open Group

Eliot M. Solomon, Chair
The Securities Industry Middleware Council

Cambridge, MA - The Open Group (Cambridge, Massachusetts) and The Securities Industry Middleware Council (New York City) recently announced a new approach to a serious business concern: how to know that an employee or agent of a business partner is authorized to use your services, and how to control which services he uses. As access to information through the Internet and other technologies becomes more widespread, the need to share information and business capabilities with partners grows. Meeting this challenge is particularly important to the brokerages and exchanges of the securities industry.

The Open Group's quarterly members’ meeting in San Diego saw the demonstration of new security capabilities for DCE. In a joint effort, the Securities Industry Middleware Council and The Open Group's DCE Program Group identified customers’ immediate, high-value business requirements for the use of public key technology in DCE. The major suppliers of DCE technology, comprising DASCOM Inc., Digital Equipment Corporation, Gradient Technologies, Hewlett-Packard Company, and IBM Corporation, responded to these requirements with the simultaneous delivery of a draft specification for the technology, and a prototype implementation engineered by IBM and DASCOM with support from Entrust Technologies. All the participating DCE suppliers have announced support for the technology in their future product plans.

This innovative marriage of technologies combines flexible Internet security techniques and the efficient and precise protection mechanisms of DCE, giving firms in the securities industry new ways to open new commerce channels safely with each other and their customers. It allows firms to use X.509v3 certificates issued by any vendor's Certificate Authority to introduce their employees and agents to other firms, and obtain for them DCE Extended Privilege Attribute Certificates (EPACs). EPACs are a powerful authorization tool, allowing accurate and efficient control of access to the data and computing resources of an enterprise.

These groups, whose members are experts in Information Technology, teamed up with representatives from a number of system and technology vendors to speed up the delivery of public key technology that can be put to practical use by Wall Street. The approach proposed by IBM and DASCOM was chosen because of its creative use of technologies that have already been widely adopted as the "glue" between X.509 and DCE. "Because the method uses the widely-adopted Cryptographic Message Syntax (CMS), any system capable of signing E-mail can securely request services from a firm using this system," observed Gerard Gebel of Chase Manhattan Bank, chair of the Securities Industry Middleware Council’s security focus group.

The effort to solve this problem began in October 1997, when The Open Group’s DCE Program Group and SIMC entered into an "experimental relationship" to improve the speed with which standards-based infrastructure is created and delivered. "We feel this experimental relationship has been a real success for both buyers and suppliers. The efficient and effective integration of these two key technologies in just a few months is a testament to the effectiveness of customer-driven collaboration," according to Sally Long, DCE Program Manager at The Open Group. "The customers in the securities industry, and all other users of Information Technology, will shortly have a powerful new tool to allow them to work together. They will be able to get it from any of a number of sources, with a high degree of assurance that it will be and remain interoperable."

"In the spirit of open standards, this solution provides our customers with an exciting union of the Common Data Security Architecture (CDSA) with multiple Public Key Certificate Authority offerings," says Dave Hemsath of IBM, one of the authors of DCE RFC 68.4, which describes the work. "IBM was delighted to be a leader in this effort bringing together customers and vendors to solve this very important DCE requirement." Frank Siebenlist of DASCOM, another author of the RFC, said, "This invention does more than add smart card and certificate-based authentication capabilities to DCE. It allows users of certificates to add the authorization and access controls of DCE and DCE-secured services like DFS to their security policy enforcement capabilities; specifically, it will add authorization capabilities to Web and Internet-based applications. The use of CMS provides a widely tested and accepted standard method of digitally signing and 'enveloping' messages. DASCOM is proud of our leadership in this RFC as it is consistent with our Intraverse architecture."

"As a long-time supporter of Public Key Infrastructure (PKI) and Distributed Computing Environment (DCE) security technology, Digital welcomes this action by The Open Group to bring these technologies together to assist customers in implementing new levels of security for the Internet and intranet," said Tim Yeaton, Vice President, UNIX Systems Group, Digital Equipment Corporation.

"We are very pleased to see the Entrust Public Key and DCE Security technologies being brought together in a multi-vendor standard," said Tim Moses of Entrust Technologies. "This will give customers who have chosen Entrust and DCE as their corporate security infrastructures new flexibility in inter- and intra-company authentication for security decisions."

"Gradient was proud to contribute first-hand experience from delivering products that integrate public-key technologies with DCE services," said David Fowler, Gradient Vice President of sales and marketing. "We fully support the evolution of an open standard for this critical intersection of security technology, and we expect to provide near-term implementations in both our NetCrusader and PC-DCE product families."

"The combination of these two powerful security mechanisms will enable DCE customers to extend their enterprises beyond their company walls," said Diane Belknap, HP DCE/9000 product manager. "HP believes it is extremely important to be a contributor to this standards process and endorses both DCE security and PKI to support customer needs."

The Open Group is an international consortium of more than 200 members working to create a global information capability, called the IT DialTone™ Architecture, to link the billions of dollars worth of computing resources installed worldwide with emerging Internet technologies. The Securities Industry Middleware Council is an association of securities industry firms working to encourage the development of Information Technology infrastructures that meet the industry's stringent functional and operational quality demands.