CALL FOR PRESENTATIONS
FOR THE
FIFTH WORKSHOP ON DISTRIBUTED OBJECTS and COMPONENTS SECURITY

March 26 - 29, 2001
Loews Annapolis Hotel
126 West Street
Annapolis, MD 21401

Organized by The Object Management Group
Sponsored by Software Solutions Division of Hitachi Computer Products (America), Inc.

INTRODUCTION

In today's highly competitive and constantly shifting IT environment of ubiquitous networks, internet portals, and software component application servers, enterprises no longer question the need for Distributed Objects and Components (DOC) in their enterprise IT architecture. Most have at least one mission-critical application built on products implementing Microsoft (Microsoft Component Server), Java (Enterprise Java Beans), or Object Management Group (CORBA Component Model) standards. Many probably have multiple mission-critical applications built on products built on a mix of those standards. As those organizations attempt to integrate those applications into new mission-critical applications, they start to ask the question: How do we achieve inter-operation among the three standards to avoid new generations of stovepipe systems?

The available security technologies for any one specification are critical to the success of the enterprise subsystems that use that model. However, the available standards and technologies are not without their own difficulties. Aspects such as unfamiliarity with the model, complexity of the model, and, in some cases, quality of the products give rise to perplexing problems that designers, programmers, and administrators must work together to overcome. Using different DOC technologies together in an enterprise adds an order of magnitude to the problems. Some aspects of the security technologies of each model are incompatible with those of the others.

Building on the success of four previous Distributed Object Computing Security Workshops, but extending the subject to include software component servers, the OMG is organizing this Fifth DOCSec Workshop. Reflecting the emergence of Components as a critical technology, DOCSec this year means Distributed Objects and Component Security. The purpose of the workshop remains the same, though: to bring together DOCSec users, vendors and specification developers to share experiences, requirements, and plans. The Workshop is open to anyone who is building - or trying to build - security products or secure applications in a Distributed Objects and Components environment.

The program will start with two days of tutorials, including a half day each of DOCSec issues, EJB Security, CORBA Security, and Microsoft DNA Security. The following two days will consist of sessions covering the state of the practice, the state of the art, and the theoretical and practical aspects of the as-yet-unsolved hard problems in Distributed Objects and Components Security. Interest and technology permitting, the workshop will also include a DOCSec interoperability demonstration among all of the vendors willing to accept the challenge.

The Workshop Program Committee is seeking proposals for presentations addressing any of the following topics:

DOCSec State of the Practice

A critical aspect of the IT project risk analysis process in many enterprises is a survey of other organizations that have attempted similar IT projects. To encourage and assist organizations considering an exploratory or mission-critical DOCSec project, the program committee is very interested in presentations that document both the successes and failures of those who have attempted to build DOCSec systems using available products and techniques.

We are especially interested in presentations describing the issues associated with:

- Creating secure enterprise systems using DOCsec products
- Integrating enterprise legacy systems using DOCsec products
- Integrating DOCsec security services with system and product legacy security services (e.g., Kerberos, DCE, PKI)
- Specializing existing and emerging DOCsec products for specific application domains or operational requirements
- Providing application layer security policy support that can be established, implemented and administered for specific application domains or operational requirements
- Administering the security mechanisms, services, and policies in systems that are completed and deployed

DOCsec State of the Art

- Recent and emerging secure interoperability standards within and among CORBA, Microsoft, and Java Security Specifications
- Recent and emerging additions or refinements to CORBA, Microsoft and Java/EJB Security specifications
- Capabilities provided by or missing from recent and emerging CORBA, Microsoft and Java/EJB Security specifications
- Descriptions of products that incorporate new DOCSec specifications
- Descriptions of products that manage and administer DOCSec mechanisms, services, and policies in both homogeneous and heterogeneous environments

DOCsec Challenges

- Issues associated with realizing the security specification(s) for each DOC model
- Integrating DOCsec products with Operating Systems and products implementing other DOC Services (e.g., transactions or naming)
- Security assurance issues in DOCsec Products
- Security Architecture issues in DOCsec Products
- DOCsec Product dependencies on OS security
- DOCsec Product dependencies on network security
- Security administration in homogeneous or heterogeneous configurations of existing and emerging DOCsec products
- Validating the security posture of homogeneous or heterogeneous configurations of existing and emerging DOCsec products
- Balancing dynamic operational performance requirements with both static and dynamic security requirements
- Establishing extra-domain security relationships in response to evolving operational requirements

INSTRUCTIONS

Interested individuals or organizations are invited to submit via email a brief (one printed page or 60 80-character email lines of text) abstract of the presentation/position they are proposing for the Workshop to docsec-ideas@omg.org by 1 December 2000. Authors of selected presentations will be notified on 19 December 2000. Final presentation materials are due in electronic publication format by 1 March 2001.

The final Workshop agenda and registration details will be posted to
www.omg.org/news/meetings/docsec2001/workshop.htm

-------------------------------------------

WORKSHOP COMMITTEE

Chairs:
Richard Soley, Object Management Group
David Chizmadia, CSC/Information Assurance Solutions

Members:
Konstantin Beznosov, Concept Five Technologies
Carol Burt, 2AB
Bob Blakley, DASCOM
Polar Humenn, Adiron. LLC
Gene Jarboe, Promia, Inc.
Kevin Loughry, Object Management Group
Jishnu Mukerji, Hewlett-Packard
Jon Siegel, Object Management Group
Andrew Watson, Object Management Group