Policy Model References: CORBA Security

["Pilz, Gilbert" <gpilz@jamcracker.com>]

Title: Policy Model References: CORBA Security

With respect to submitting previous work related to authorization policy models for consideration; I would like to submit the CORBA Security Specification.

The core specification can be found at: ftp://ftp.omg.org/pub/docs/formal/98-12-17.pdf or ftp://ftp.omg.org/pub/docs/formal/98-12-17.ps if you prefer PostScript. Be forewarned, this is a huge, 386 page monster of a specification that contains lots of things that are probably not of particular interest to the XACML community. Sections 15.3 and 15.4 should be of the most direct interest to XACML. There are a few terminological mismatches between CORBASec and SAML/XACML to look out for. For instance, what CORBASec calls a "Credential" SAML/XACML calls an "Attribute Assertion", etc.

A FAQ for this specification can be found at http://cadse.cs.fiu.edu/corba/corbasec/faq/single-page/CORBASEC-FAQ.html. The FAQ has a lot of material that explains what the authors "really meant" by certain sections of the specification.

Bob Blakley has written a book that very succinctly describes the authorization policy model behind CORBASec titled "CORBA Security: An Introduction to Safe Computing with Objects": ISBN: 0201325659. Don't let the title of this book fool you, it is more about authorization policy model than it is about how that model is expressed in CORBA IDL, IIOP, etc.

I'm sure there is a lot of good material on CORBASec that I have failed to mention. If you know of any please post it to the list.

--
<<Gilbert Pilz.vcf>>

BEGIN:VCARD
VERSION:2.1
N:Pilz;Gilbert;W.;;Jr.
FN:Gilbert W. Pilz Jr.
ORG:Jamcracker, Inc.
TITLE:Security Architect
TEL;WORK;VOICE:408.725.4300
ADR;WORK:;;19000 Homestead Rd.;Cupertino;CA;95014-0712;United States of America
LABEL;WORK;ENCODING=QUOTED-PRINTABLE:19000 Homestead Rd.=0D=0ACupertino, CA 95014-0712=0D=0AUnited States of Amer=
ica
EMAIL;PREF;INTERNET:gpilz@jamcracker.com
REV:20001226T182732Z
END:VCARD