Liberty Mutual:
Adding Security to ORBs

By John Dohm
Senior Manager
Deloitte & Touche LLP

Anyone considering object technology for software development likely has a solid conceptual grasp of the benefits inherent in real world modeling, object design, and component reuse. Going from concept to

click here to view full size
reality, however, requires an analysis of the marketplace to determine the best tools for a particular development effort.

Basic Object Request Broker (ORB) functions and associated services based on the CORBA specification are now available from vendors. However, one area in which they are severely lacking is distributed security. As such, customers of CORBA-specified products are typically missing critical security services, including authentication, authorization, encryption, and auditing. The following outlines how one organization is blending the strengths of DCE security and the Orbix ORB from Iona Technologies to build superior software solutions.

Liberty Mutual is a significant insurance concern requiring leading-edge software to meet the needs of its business. Due to the dynamic nature of the firm, several of the application development teams decided that building a distributed object architecture would be one way to facilitate faster design, development, and deployment of systems. A few business applications were selected, as was the Orbix product, and the design and development process began. At the outset of the design process, the in-house security team quickly identified application security needs and asked how the development teams were to meet the following requirements:

After considering the requirements, the development teams saw several options. They could develop the software necessary to support security in-house, but this would be costly and time consuming, and would take away from the core business needs of Liberty Mutual. They could consider a proprietary product, which would lead to integration issues and certainly would not meet their corporate requirements for open computing. Or, they could base their platform on DCE security. They chose DCE for a number of reasons.

The reality is that today, and for the foreseeable future, DCE offers the only set of integrated security services that can meet the needs of the enterprise. The key reason has to do with the need to support identical security mechanisms at all points where security is required. DCE provides an excellent authorization and encryption engine based on Kerberos, has extensions for group memberships offering outstanding access control facilities, and incorporates an auditing service that can be used by any application in the enterprise. For access control services that build on those provided by DCE, the project team selected HP's Praesidium/Authorization Server. Alternative solutions to DCE - security gateways, synchronization, scripting, and propagation - weren't an option because they don't scale well and won't meet the needs of even the smallest enterprises.

It was important to Liberty that the decision to go with DCE security not impact their development efforts. The architecture took advantage of the Orbix authentication filter and transformer objects for encryption and location transparency (using the Cell Directory Services of DCE). The security functions were implemented using GSS-API (the Generic Security Services API) with DCE as the plumbing for the security functions. By design, the impact of providing excellent security for the Liberty applications was minimal. DCE allows Liberty to focus on application development instead of security issues. Moreover, the foundation of DCE offers a great opportunity to provide other services to the organization, including transaction processing and a basis for Secure Single Sign-On.

The result of the security solution at Liberty Mutual is that DCE meets tactical requirements for important business applications while providing a strategic option for integrated security throughout the enterprise. DCE offered implementable security for ORB technology, and it provides the basis for industrial strength security across the enterprise and beyond.