CORBA Security Conformance Statement

28 November, 2000

TAO (The ACE ORB)

Center for Distributed Object Computing, Washington University
Distributed Object Computing Laboratory, University of California at Irvine

• Introduction
  • Summary of Security Conformance
  • Scope of Product
  • Security Overview
• Security Conformance
  • Main Security Functionality Level
  • Security Functionality Options
  • Security Replaceability
  • Secure Interoperability
  • Level of Interoperability
  • Mechanism Profiles
• Assurance
  • Philosophy of Protection
  • Threats
  • Security Policies
  • Security Protection Mechanisms
  • Environmental Support
  • Configuration Constraints
  • Security Policy Extensions
• Supplemental Product Information

1. Introduction

The security features that TAO provides are introduced in this section. Detailed descriptions are available in later major sections.

1.1 Summary of Security Conformance

This section summarizes the CORBA Security Service features that TAO provides.

CORBA Security Functionality Checklist
Main Functionality (Level 1 or Level 2)	Functionality Options (Non-Repudiation)	Security Replaceability
		ORB Services	Security Services	Security Ready

 

CORBA Secure Interoperability Checklist
Interoperability	IIOP							DCE
Level	SECIOP						SSL	CIOP
	SPKM		Kerberos	CSI-ECMA
	SPKM 1	SPKM 2		Private	Public	Hybrid
Level 0
Level 1
Level 2

 

Supported	Pending	N/A

1.2 Scope of Product

TAO supports confidential communication through its IIOP over SSL pluggable protocol, SSLIOP.

1.3 Security Overview

Using TAO's SSLIOP pluggable protocol, it is possible to ensure that all remote method invocations between ORBs that implement IIOP over SSL are confidential. This is made possible by the confidentiality the Secure Socket Layer (SSL) provides. X.509 certificate-based access control is also possible using TAO's SSLIOP::Current extension.

2. Security Conformance

TAO conformance to the CORBA Security Service is detailed in this section.

2.1 Main Security Functionality Level

Work is currently underway to implement Security Functionality Level 1.

2.2 Security Functionality Options

There are no current plans to implement non-repudiation. However, this may change in the future.

2.3 Security Replaceability

Work is currently underway to implement the core Security Replaceability components detailed in the Security Service.

2.4 Secure Interoperability

TAO supports SSL based interoperability. It uses OpenSSL as its underlying SSL implementation.

2.5 Level of Interoperability

TAO supports level 0 interoperability through its IIOP over SSL pluggable protocol, SSLIOP.

2.6 Mechanism Profiles

All cryptographic profiles supported by SSL, OpenSSL in particular, are supported by TAO. ORBs that support those profiles should be able to interoperate with TAO.

3. Assurance

3.1 Philosophy of Protection

3.2 Threats

3.3 Security Policies

3.4 Security Protection Mechanisms

3.5 Environmental Support

3.6 Configuration Constraints

3.7 Security Policy Extensions

4. Supplemental Product Information