Securing the Web:
An Infrastructure Based on DCE

By Steve Lewontin
Principal Research Engineer
The Open Group Research Institute

It's hard to ignore the World Wide Web. The ubiquitous "WWW" is just about everywhere. But while the global embrace of the Web continues, full use of the Web as an enterprise computing tool demands a security infrastructure not currently available.

The secure web core technologies project of The Open Group Research Institute has developed an infrastructure for secure enterprise use of the Web, based on the Distributed Computing Environment (DCE), an industry-standard suite of computing technologies. This secure web infrastructure consists of a modular set of client, server, and other software that brings DCE security and other services to the Web.

Secure Web access is key

The secure web technology offers a set of software elements that organizations can use for secure access to Web documents, server scripts, and other services made available via the Web interface. For example, secure web can provide strong mutual authentication of Web clients and servers, fully encrypted and integrity-protected channels for communication of Web data, and individual and group identity-based access control over Web documents.

The secure web technology also provides important services beyond security. For example, the project uses the DCE name services to provide for location-independent addressing of Web documents. This means that secure web Universal Resource Identifiers (URIs) do not become stale when documents and servers are moved. Because multiple copies of a document can be addressed via the same URI, secure web also makes possible efficient replication of documents for faster and more reliable service.

One important goal of the secure web technology is to make maximum use of existing Web software and, most importantly, to keep the popular graphical Web browsing interface. Enterprise web access is intended to be as transparent as possible to users. With a standard Web browser, users can access both the World Wide Web and secure web in exactly the same way from within the document. Another goal of the project is to provide easy integration between secure web security and the on-line commerce mechanisms currently being deployed on the Web.

Components of enterprise Web

The secure web technology consists of a number of elements. Together these pieces are intended to provide a full but modular suite of enterprise Web services. The components include WanD Server, a high-performance Web server that can communicate with Web clients (browsers) using both standard HTTP over TCP and the secure web RPC-based protocols; Secure Local Proxy (SLP), which provides the principal means for client browsers to access secure web securely; and Security Domain Gateway (SDG), which permits clients with public-key security capabilities to gain authenticated access to secure web.