CORBA Security Conformance Statement

28 November, 2000

TAO (The ACE ORB)

Center for Distributed Object Computing, Washington University
Distributed Object Computing Laboratory, University of California at Irvine

1. Introduction

The security features that TAO provides are introduced in this section. Detailed descriptions are available in later major sections.

1.1 Summary of Security Conformance

This section summarizes the CORBA Security Service features that TAO provides.

CORBA Security Functionality Checklist

Main Functionality (Level 1 or Level 2)
Functionality Options (Non-Repudiation)
Security Replaceability (ORB Services, Security Services)
Security Ready


CORBA Secure Interoperability Checklist

Interoperability: IIOP, DCE
SECIOP, SSL, CIOP
SPKM, Kerberos, CSI-ECMA
SPKM 1, SPKM 2, Private, Public, Hybrid
Level: Level 0, Level 1, Level 2

Key: Supported, Pending, N/A

1.2 Scope of Product

TAO supports confidential communication through its IIOP over SSL pluggable protocol, SSLIOP.

1.3 Security Overview

TAO's SSLIOP pluggable protocol makes it possible to ensure that all remote method invocations between ORBs that implement IIOP over SSL are confidential. The confidentiality comes from the Secure Sockets Layer (SSL) itself. X.509 certificate-based access control is also possible using TAO's SSLIOP::Current extension.

2. Security Conformance

TAO conformance to the CORBA Security Service is detailed in this section.

2.1 Main Security Functionality Level

Work is currently underway to implement Security Functionality Level 1.

2.2 Security Functionality Options

There are no current plans to implement non-repudiation. However, this may change in the future.

2.3 Security Replaceability

Work is currently underway to implement the core Security Replaceability components detailed in the Security Service.

2.4 Secure Interoperability

TAO supports SSL-based interoperability. It uses OpenSSL as its underlying SSL implementation.

2.5 Level of Interoperability

TAO supports Level 0 interoperability through its IIOP over SSL pluggable protocol, SSLIOP.

2.6 Mechanism Profiles

All cryptographic profiles supported by SSL, OpenSSL in particular, are supported by TAO. ORBs that support those profiles should be able to interoperate with TAO.

3. Assurance

3.1 Philosophy of Protection

3.2 Threats

3.3 Security Policies

3.4 Security Protection Mechanisms

3.5 Environmental Support

3.6 Configuration Constraints

3.7 Security Policy Extensions

4. Supplemental Product Information