Open SSO Management. Joint Session Desktop + Security + Distributed System Management

Transcription

1 Open SSO Management Joint Session Desktop + Security + Distributed System Management

2 LDAP Contents TOG LDAP Project Overview Other LDAP-Related Work SSO Management Recap SSO Requirements Review of General Approach Program Responsibilities and Liaisons Timeline and Actions Schema Review

3 LDAP Lightweight Directory Access Protocol

4 LDAP Developed at the University of Michigan Taken up by Netscape and others Standardized in IETF LDAP v2 widely implemented LDAP v3 = v2 + (referrals + i18n +schema + extensibility + security) Proposed Standard (RFC 2251)

5 IT Dial LDAP Tone (TM)

6 What We Are Doing Test Suite SERVER profiles of IETF RFCs for Read Only Read-Write Internet White Pages Certificates Certification Program

7 Profile Specification Working Group One meeting (last November) 5 TOG-member system vendors (Fujitsu, Hitachi, IBM, SNI, Sun) 5 other major companies (AT&T, GTE, Microsoft, Netscape, Novell) 4 other companies (CAI, Isocor, MBI, Xcert) Eurosinet Liaison

8 Branding Options Stand-alone LDAP Brand Part of other Brands Web Server SSO...

9 Milestones Group formed last November Base documents agreed in principle Branding Plan end January Read-Only and Read-Write profiles end February Other profiles end April

10 LDAP Project - Key Points Opportunity for TOG to provide practical valueadd to industry LDAP work Certification program leverages off existing TOG test suite / brand structures Participation of principal players Strong ties with IETF WGs Focused effort for early deliverables Self-funding

11 Other Related LDAP Work IETF Microsoft/Cisco Initiative Device Protocol Media Application User New PKIX Work-item...

12 SSO Requirements Coordinated login Secure SSO Consolidated account management

13 SSO - Starting point Auth DB Auth DB Access Control Access Control

14 SSO - Consoldiated Login Sign -on Auth DB Access Control Auth DB Access Control

15 SSO - Secured Sign -on Sec Services SSL, S/MIME IPSEC etc Sec Services Access Control Sec Services DCE, CORBA, Activex etc Sec Services Access Control

16 SSO - Consolidated Management Consolidated Account Management Sign -on Sec Services SSL, CORBA S/MIME, DCE, etc Sec Services Access Control Sec Services Sec Services Access Control

17 Security Management Multi-vendor requirements APIs LDAP POSIX Vendor APIs Protocols SNMP V3 LDAP Vendors products

18 LDAP-related Work IETF schema registration white pages schema LDAP V3 (security, replication etc) LDAP API Complementary TOG Work LDAP/DCE Profile Definition / Certification System security schemas

19 Focus Following Boston Mtg Account Management Options TOG endorse existing vendor solution <=== no enthusiasm for that at SEP97 meeting TOG contribute to standard-based security management <=== agreed at SEP97 meeting Short-term LDAP Schemas Review Proposal Future Directions Initial implementations, Brand, Extensions...

20 Open SSO Management Feedback on general approach

21 LDAP Program Responsibilities general schema definition test suite definition ASID Liaison Management Review/comment Complementary APIs Security system security schema definitions/adoption PKIX Liaison

22 Timeline Management Program Review and comment Potentially produce user management commands Security Program Sec PG vendor inputs by 13FEB SSO Profiles D1 SSO Profile D2 Input to Company Review 1Q98 20FEB 2Q98 22MAY 3Q98 23JAN 28FEB 30APR 14AUG LDAP Program LDAP Profiles including SSO Framework r/o & r/w LDAP Profiles IWP / cert / SSO Framework LDAP Profiles Approved SSO Profile DRAFTS FINAL FINAL

23 Open SSO Management Schema review