
Security Forum



Open Group Security Standards/Guides

Distributed Security Framework

The distributed security framework XDSF (Dec 1994) was the primary guiding document in the development and use of security technologies that were being delivered over the following few years. This framework not only defined the type of security services that would be made available and how, but also provided advice to designers and implementors of specifications in other areas of technology, so that they could take proper advantage of these security services, thus enabling the development of a secure distributed open systems platform.

In January 1997, XDSF was replaced by Security Survival - Source Book from The Open Group.

Work is currently underway in the Security Forum to develop a new architecture for security, using patterns. This work will result in publication of a Guide to Security Patterns (GSP) at the end of 2001.

The Security Forum's strategy is to define generic security APIs that are independent of specific underlying security mechanisms. This approach in the XDSF is illustrated in the diagram below:

A consequence of trying to fit all the elements into the diagram, yet retain legibility, was that elements of the Basic Security Services such as Key Management and Security Administration appeared to be layered below the others in the diagram above. There was, however, no such layering implied by the Distributed Security Framework.

Each security service was required to have both operational interfaces for the invocation of security-related activities, and administrative interfaces for the control and configuration of those services.

The XDSF document also discussed the ways in which the users of the security services (i.e. the applications or platform services) could make use of the services. Such users were roughly categorised into those that are either:

  1. security aware
  2. security unaware

Briefly, security unaware users of the security services are those that are completely unaware of, and unconcerned with, security issues. For example, an application that made use of a platform networking service may use that service without reference to the level of security that is supported by the platform service. Consequently, the following points arose:

  • The platform service interface did not contain any security-related information. If the interface provided a secure service, it did so without making it visible to the application.
  • The application could not change/control/direct the provision of security by the platform service.
  • The specifier of the platform service interface had to understand the security needs of applications that used the interface.
  • The implementors of the platform service specification had to maintain all security functionality without recourse to application decision-making.

Security aware users of the security services were those that required support from adequate security services, but made no assumptions as to the level of security support that, for instance, a platform service such as networking would provide. This implied that the user entity may either:

  • Control the level of security support through the use of suitable Quality of Service parameters.
  • Take full responsibility for the provision of security, by handling security-related activities itself, rather than relying on the underlying platform services to provide that support.

        
    © 1995-2018
         Sales Enquiries      Site Index


        
© The Open Group 1995-2020