Issue 2 :  November 1999

Contents

Welcome to Issue 2

Key News Items

CDSA Version 2 Technical Standard

CDSA to be featured at Santa Clara Seminar, December 8, 1999

CDSA at our Washington DC Conference  (October 1999)

CDSA at our San Diego Conference (January 2000)

Intel submits its UAS Specification to The Open Group Fast-track process

Product News: Apple's Security Architecture

The Intel White Paper updated

Contact Information

Contributions

New Sites being Developed

About the CDSA Newsletter

Welcome to Issue No. 2
Welcome to the second issue of the CDSA-Newsletter.  If you are unfamiliar with this newsletter you can find an explanation and a copy of Issue 1 on our web site at http://www.opengroup.org/tech/security/cdsa_newsletter.htm, or see the last item below.

Key News Items

Intel announces key dates:

• Publication of CDSA Version 2 (see item below)
• Release of CDSA V2R3 software in February 2000 (see below)
• Conformance test suite due April 2000         (see below)
• UAS Specification for Q3 2000 (see item below)
• Security Seminar in Santa Clara on December 8 (see item below)

CDSA Version 2 Technical Standard

The new version (Version 2) of the CDSA Technical Standard was has been finally adopted and only just published (15 November) after a delay whilst conflicting comments were resolved at the end of the formal review and adoption process.

The new version extends current CDSA features to embrace other industry standards efforts in the following areas:

• Remote Certification Authority Services
• Basic privilege and authorization mechanisms to support corporate and government policies on cryptography and security services
• Use of generalized credentials by human users

Performance enhancing features for manipulating certificates and certificate revocation lists

The new specification or Technical Standard can be found at http://www.opengroup.org/publications/catalog/c902.htm.

CDSA to be featured at Santa Clara Seminar, December 8, 1999

It is not too late to register for our Seminar next month.  Details can be found at http://www.opengroup.org/seminars/schedule/Security_CA/ .

Making eBusiness Secure: The Role of CDSA and PKI
December 8th, 1999 : 8:30am - 1:30pm         
Santa Clara Marriott, 2700 Mission College
Boulevard, Santa Clara, California

Agenda
8.00	Sign-in and continental breakfast
8.30	Welcome
8.45	The Architecture of Security Whitfield Diffie, Distinguished Engineer, Sun Microsystems, Inc.
9.30	CDSA v2.0An Update on the Standard Terry Smith, CDSA Marketing Manager, Intel Corporation
10.00	Apples Security Architecture and CDSA Aram Perez, Chief Security Architect, Apple Computer Inc.
10.30	Break
10.45	CDSA & Application Development in the HP Environment Mike Jerbic, R&D Project Manager, Hewlett-Packard Company
11.15	A Framework for Distributed Authorization Services Bob Blakley, Chief Scientist, Dascom
11.45	Panel Discussion and Q&A
12.30	Lunch

The seminar is free of charge.
You will find a registration form on our web site.
Don't miss this opportunity to hear about and question the presenters in person.

CDSA at The Open Group Quarterly Conference in Washington DC (October 1999)

The theme of our Washington DC Conference was "Trust and Confidence in the Global Infrastructure" (highlights of the Conference can be found at http://www.opengroup.org/public/member/q499/highlights.htm .  The Conference was sponsored by Intel.

CDSA featured throughout the meeting:

• Presentations made frequent reference to the role of CDSA in establishing Trust and Confidence and in relation to PKI.
• A special lunchtime meeting hosted by Intel and The Open Group brought a number of key Government representatives together to learn of developments from George Cox (Intel), Bill Franklin (IBM) and Graham Bird (The Open Group). During the presentations George Cox revealed the timetable for developments:
  • CDSA Version 2 Release 3 ... February 2000
  • Conformance Test Suite ... April 2000
  • Human Recognition Services (HRS)
    •  Specification ... Q3 2000
    •  Reference Implementation ... Q3 2000
  • CDSA Futures ... ongoing

     Bill Franklin (IBM) provided a brief explanation of CDSA and Graham Bird (The Open Group) talked about testing and certification, and especially the development of the CDSA Product Standard and the CDSA Brand Program.    

     The following representatives were available for questioning:

         Apple
         Mike Barnick
            barnick@apple.com
         Telephone +1 408-974-9006
         Intel
         Dr George Cox
         cox@ibeam.jf.intel.com
         Telephone +1 503-264-6647
         Baltimore
         Stephen Farrell
         stephen.farrell@baltimore.ie
         Telephone +353-1-647-7300
         Intel
         Terry Smith
         Terry_A_Smith@ccm.jf.intel.com
         Telephone +1 503-712-1026
         IBM
         Bill Franklin
         wafrank@us.ibm.com
         Telephone +1 919-543-2506
         Hewlett Packard
         Mike Jerbic
         mjerbic@cup.hp.com
         Telephone +1 408-447-6299
         The Open Group
         Graham Bird
         g.bird@opengroup.org
         Telephone +1 650-323-7992
         CDSA Newsletter
         Dr Phil Holmes
         p.holmes@opengroup.org
         Telephone +44-118-950-8311

*  The Security Program Group considered proposals for the CDSA Product Standard and undertook detailed consideration of the UAS Specification (see item below).  The current proposal for the CDSA Product Standard is at http://www.opengroup.org/security/CDSA%20Profile%20pp-03.htm .

Open Group members can find the full conference documentation at http://www.opengroup.org/postdocs and the write up and slides from the lunchtime presentation at http://www.opengroup.org/mem_only/councils/q499/special/cdsa/index.htm

CDSA at our San Diego Conference (January 2000)

The upcoming Quarterly Conference of The Open Group in San Diego (from 28th January 2000) has Enterprise Management for eBusiness in the 21st Century.   There is bound to be a debate of issues surrounding security and manageability.  We also plan a Technical Track on CDSA for Day 2 (Tuesday's Program, unrelated to the main theme).

The Security Program Group meets from the Wednesday to examine the proposals for the API to biometrics devices (see item below) and to discuss a number of topics related to CDSA, including testing, conformance, and branding. Further details of the Conference can be found at http://www.opengroup.org/conference.

Intel submits its UAS Specification to The Open Group Fast-track process

Intel has agreed for The Open Group to take its UAS/HRS Specification through the Fast-Track Review Process with the intention of the specification becoming an Open Standard. The User Authentication Services (UAS) provides an elective module manager within CDSA to provide for the use of biometrics as a means of user authentication.   The specification going into the review process can be found at http://developer.intel.com/ial/security/specifications.htm

Use of biometrics techniques (retina, finger prints, etc.,) provide new ways to authenticate a user and can be used in place of a swipe card. An Open Standard will be of immense help to those wishing to deploy CDSA and more generally.

UAS, HA-API and BioAPI was the subject of an item in the CDSA-Newsletter Issue No.1 which reported on a presentation by John Wilson.  This item linked to John's slides.

Product News: Apple's Security Architecture

Apple found a need to provide a security architecture for its operating systems. Apple did not want to "re-invent the wheel", so it performed a study of the existing security architectures. After careful evaluation, Apple chose CDSA. The reasons for picking CDSA include: 1) it is an "open standard", 2) it has wide industry acceptance, 3) it is platform independent, 4) it has the most complete architecture, 5) it provides a good level of abstraction, and 6) CDSA is the most flexible and extensible architecture.

There are two main reasons why Apple is providing a Security Architecture. The first one is to provide a low barrier of entry to Apple developers with respect to security. The second reason is to continue Apple's tradition of ease of use and consistent user experience with respect to security,

The focus of Apple's Security Architecture is the System Security Services which is the layer above the Common Security Services Manager (CSSM). When developers use the System Security Services, they do have to worry about the differences between CDSA 1.2 and 2.0. The initial set of System Security Services are described in the next two paragraphs.

The first service is the Keychain. The Keychain is both the user experience and a developer interface. The user experience is handled by Keychain Access. Keychain Access is how a user manages his/her security related objects such as certificates and keys. Keychain Manager is the interface that developers use to access the user's security related objects without worrying about which DL and/or DB the object exists.

The second service is Apple File Signing. This service allows developers to sign their files and have the user verify the file. Although the storage of the signature is Macintosh file specific, the format is based on PKCS#7. Files can be verified when they are downloaded from a network or on demand by the user.

Apple will be delivering its Security Architecture in the release of Mac OS known as Sonata (which should be available by the end of the year). Apple will be extending its System Security Services to include encryption services and secure e-mail.

Note:   This item was provided by Aram Perez earlier in the year.  Please refer to Apple's web site (see next item) or, preferably, listen to Aram's presentation on Decmeber 8 at our Santa Clara Seminar (see above).

The Intel White Paper updated

Intel provided an updated White Paper entitled "Intels CDSA Security Initiative - Making PCs and Servers trustworthy for communications, eCommerce, and content", for circulation at the Washington DC Conference (see item above).   The text is available as a pdf file from the following URL: http://www.opengroup.org/tech/security/cdsa/newsletter/intel_whitepaper.pdf

Contact Information

Primary sources of information about CDSA include the Intel and IBM website, as well as The Open Group site.  We are still in the process of building a comprehensive list of contacts and sources, principally CDSA licensees. Below is a preliminary list. We would like to add CDSA and/or CDSA product specific URLs and email contacts, and welcome help in gathering this information.

Apple: http://www.apple.com
AT&T: http://www.att.com
Baltimore: http://www.baltimore.com
Bull: http://www.bull.com
CDSA: http://www.cdsasecurity.com
Certicom: http://www.certicom.com
Chrysalis: http://www.chrysalis.com
Compaq: http://www.compaq.com
Cylink: http://www.cylink.com
Digital Persona: http://www.digitalpersona.com
IBM: http://www.ibm.com and http://www.ibm.com/security/cryptoproducts
Intel: http://www.intel.com and http://www.intel.org/ial/security
ISG: http://www.veriguard.com
Lotus http://www.lotus.com
Motorola: http://www.motorola.com
Rainbow: http://www.rainbow.com
RSA: http://www.rsa.com
The Open Group: http://www.opengroup.org
Valicert:http://www.valicert.com
Veridicom: http://www.veridicom.com

Contributions

Yes, we would be happy to receive contributions to the CDSA Newsletter and these can be sent direct or via any member of the Advisory Board. All submissions will be considered for publication though they will be subject to review and minor editing prior to publication. Naturally, we reserve the right not to publish. We are equally keen to learn what you would like to see in the CDSA Newsletter. So please send us an email suggesting items you would like to read about or subjects you'd like explained.

New Sites being Developed

Open Group Members may be interested in two new sites.

The first provides information about Achievements of The Open Group in a matrix divided by subject area and type of activity.  Have a look at the Security Highlights at http://www.opengroup.org/mem_only/achievements .

The second is very new and experimental.  Feedback and materials would be very welcome.  The site with a working title of "The Word of CDSA" can be found at http://www.opengroup.org/mem_only/tech/cdsa_worldof .  We are working to improve the pages, navigation and look and feel of the site.

Please provide any improvement suggestions and feedback to p.holmes@opengroup.org

About the CDSA-Newsletter

The CDSA Newsletter is designed to meet the demand for continuing information about the Common Data Security Architecture (CDSA) following the success of the CDSA Awareness Days co-sponsored by Intel, IBM and The Open Group. It is distributed by email and via the Web, it will carry news and information about CDSA, and will be issued as and when articles become available. Each issue will comprise just a few pages, making it easy to digest. Longer articles will be serialized, or summarized in the newsletter and made available from the Web.

The following experts have agreed to serve on an Advisory Board:

• Terry Smith and John Wilson from Intel,
• Bill Franklin and Mike Muresan from IBM,
• Mike Jerbic from Hewlett-Packard, and
• Aram Perez from Apple.

The CDSA Newsletter is written for a number of different audiences. It will help CIO's and their reports to understand the merits of CDSA. It will also help software developers. Most of the articles will assume some technical knowledge and an appreciation of security needs.     

The CDSA Newsletter is free-of-charge and will be widely circulated. However, to ensure receipt of future issues or to view the contents on The Open Group Web site, please go to http://www.opengroup.org/tech/security/cdsa_newsletter.htm and either 'Register' if a first time user, or 'Login' if you have already got a user name and password.

The CDSA Newsletter is edited by Phil Holmes and published by The Open Group. Copyright(c) The Open Group, 1999.