Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
CDSA Program UpdateCDSA Program Update
Graham BirdGraham Bird
[email protected]@opengroupopengroup.org (650) 323 7992.org (650) 323 7992
SECURITY
AgendaAgenda
ll Product StandardsProduct Standards
ll The Open Brand programThe Open Brand program
ll DiffusionDiffusion
ll SchedulesSchedules
ll Q&AQ&A
Product StandardsProduct Standards
Product StandardsProduct Standards
ll Real WorldReal World
–– Vendors productVendors product
–– Buyers needsBuyers needs
ll What it means to conformWhat it means to conform
ll ConciseConcise
–– Lots of pointersLots of pointers
–– Web basedWeb based
Product StandardsProduct Standards
Specification
SpecificationSpecification
UNIX 98
UNIX 98 Server
Specification
Internet Server
Crypto Plugin
CDSA Product StandardsCDSA Product Standards
CDSA Client
Smartcard Plugin
CDSA ClientCDSA Client
ll CSSM APIsCSSM APIs
–– digital signaturedigital signature
–– public key delivery &public key delivery &validationvalidation
–– certificate managementcertificate management
–– cryptocrypto services services
–– optionally, key recoveryoptionally, key recovery
ll CSSMCSSM SPIs SPIs
–– CryptoCrypto
–– Data StorageData Storage
–– Certificate LibraryCertificate Library
–– Trust PolicyTrust Policy
Crypto PluginCrypto Plugin
ll CryptoCrypto SPI SPI
–– bulk encryptionbulk encryption
–– digital signaturedigital signature
–– cryptographic hashcryptographic hash
–– key generationkey generation
–– random number generationrandom number generation
Smartcard PluginSmartcard Plugin
ll CryptoCrypto SPI SPI
–– bulk encryptionbulk encryption
–– digital signaturedigital signature
–– cryptographic hashcryptographic hash
–– key generationkey generation
–– random number generationrandom number generation
ll Data Storage SPIData Storage SPI
–– persistent storage &persistent storage &recovery of:recovery of:
• certificates
• revocation lists
• associated data
The Open BrandThe Open Brand
l It Worksl It Will Continue to Workl Problems Will Be Fixed
What the Brand Stands For
Value.Backed by Guarantee.
Ipso facto ad volorem
How Do You Know?How Do You Know?
SECURITY
How it WorksHow it Works
ll Trademark LawTrademark Law
ll Process to CertifyProcess to Certify
–– APIs - PortabilityAPIs - Portability
–– Data FormatsData Formats
–– ProtocolsProtocols
–– Interoperability AssuranceInteroperability Assurance
ll Hardware IndependentHardware Independent
The Open Brand FamilyThe Open Brand Family
UNIX BASE CDE SECURITY
The Key AcceleratorThe Key Accelerator
ll Over 1700 Branded Products To DateOver 1700 Branded Products To Date
ll ProcurementsProcurements
$25
Billion $25 Billion requiring the Open Brand
Brand ProcurementsBrand Procurements
ll Air Force WorkstationAir Force Workstation
–– $800 Million$800 Million
ll Desktop VDesktop V
–– $1.2 Billion$1.2 Billion
ll Air Force ICARDSAir Force ICARDS
–– $932 Million$932 Million
ll NASA SEWPIINASA SEWPII
–– $1800M$1800M
Market Impact - Example
l Single UNIX Specification• Supported by all major vendors• IBM MVS• Siemens mainframe o/s• API adoption in proprietary o/s• Adoption in “freeware”
The ProcessThe Process
Product?Practical Guide
toThe Open Brand
Product Standard
How to Test
TMLAInterpretations
WaiversTSDs
Formal Test
Registration Application Certificate
Product Registered
Annual Renewal
Test Suite(s)Test Suite(s)
ll Indicators of ComplianceIndicators of Compliance
–– Continuous Continuous notnot snapshot snapshot
–– Supports BrandSupports Brand
ll Quality Assured LabQuality Assured Lab
ll Quality Control LabQuality Control Lab
AdministrationAdministration
ll Check Submission is CompleteCheck Submission is Complete
ll Audit Test ReportAudit Test Report
ll Audit Conformance StatementAudit Conformance Statement
ll Fees are correctFees are correct
ll Enter onto RegisterEnter onto Register
ll Certificate IssuedCertificate Issued
ll Annual RenewalAnnual Renewal
Brand DevelopmentBrand Development& Marketing& Marketing
Brand Program DevelopmentBrand Program Development
ll Product StandardProduct Standard
ll Conformance StatementConformance Statement
ll Admin formsAdmin forms
ll Test suiteTest suite
ll TrademarksTrademarks
ll Life-cycleLife-cycle
–– specsspecs
–– Product Standard(s)Product Standard(s)
WeUse
CDSA
What can carry the Open Brand?What can carry the Open Brand?
Applications
CDSAProduct Standard(s)
Modules
TM
TM
CustomersCustomers
ll Applications EndorsementApplications Endorsement
–– Any applicationAny application
ll CDSACDSA
–– Platform suppliersPlatform suppliers
–– Infrastructure suppliersInfrastructure suppliers
ll ModuleModule
–– RSA etcRSA etc
Ensuring DiffusionEnsuring Diffusion
Procurement
Trademarks
Marketing& promotion
Application& ISV
endorsement
Branddevelopment
PromotionPromotion
ll Press and Analyst BriefPress and Analyst Brief
ll PR programPR program
–– Press releasesPress releases
–– Press trackingPress tracking
ll CollateralCollateral
–– White papersWhite papers
–– Article placementArticle placement
–– Slide setsSlide sets
ll Speaker placementSpeaker placement
ll VendorVendor salesforce salesforce
–– salesforcesalesforce brief brief
–– Collateral packCollateral pack
–– Help lineHelp line
ll ISV adoption programISV adoption program
ll PlugathonsPlugathons
User DemandUser Demand
ll ProcurementProcurement
–– TargetedTargeted
–– Visible / referencesVisible / references
ll Application Endorsement programApplication Endorsement program
–– “It works with CDSA”“It works with CDSA”
–– Simple & lightweightSimple & lightweight
–– Web basedWeb based
TimescalesTimescales
ll Product StandardsProduct Standards Q2Q2
ll Test SuiteTest Suite Q3/4Q3/4
ll ProcurementProcurement Q3Q3
ll ProductProduct Q4/5?Q4/5?
Questions / InputQuestions / Input
?
Branding EnvironmentBranding Environment
ll Hardware & SoftwareHardware & Software
–– DependenciesDependencies
ll Binary Compatible FamiliesBinary Compatible Families
–– Architecture SpecificArchitecture Specific
–– PCPC
Interpreting SpecificationsInterpreting Specifications
ll Permanent InterpretationsPermanent Interpretations
–– Until next Issue of SpecificationUntil next Issue of Specification
ll Temporary InterpretationsTemporary Interpretations
–– Whilst a problem is investigatedWhilst a problem is investigated
ll WaiversWaivers
–– Cleared within 12 MonthsCleared within 12 Months
ll Agreed Test Suite DeficienciesAgreed Test Suite Deficiencies
–– Until test suite is fixedUntil test suite is fixed
Conformance StatementConformance Statement
ll Records Implementation DetailsRecords Implementation Details
–– Numeric LimitsNumeric Limits
–– OptionsOptions
ll Branding EnvironmentBranding Environment
ll One CS per Product StandardOne CS per Product Standard
ll Available to CustomersAvailable to Customers
ll Web basedWeb based