APPENDIX II

REFERENCES

IBM Security Architecture [SC28-8135-01]

ECMA 138 (SESAME) (see http://www.esat.kuleuven.ac.be/cosic/sesame3_2.html)

Open Systems Foundation Distributed Computing Architectures (see http://www.osf.org/tech_foc.htm)

APPENDIX III

GLOSSARY

Architecture

That part of design that deals with appearance, function, location, and materials.

Authentication

The testing or reconciliation of evidence; reconciliation of evidence of user identity

Cryptography

The art of secret writing; the translation of information from a public code to a secret one and back again for the purpose of limiting access to it to a select few.

Distinguished User Name

User’s full name so qualified as to be unique within a population. Qualifiers may include such things as enterprise name, organization unit, date of birth, etc.

Enterprise

The largest unit of organization; usually associated with ownership. (In government it is associated with sovereignty or democratic election.)

Enterprise Data

Data which are defined, meaningful, and used across business functions or for the strategic purposes of the enterprise.

Name Space

All of the possible names in a domain, whether used or not.

PIN

Personal Identification Number; evidence of personal identity when used with another form.

APPENDIX IV

PRODUCTS OF INTEREST

Secure authentication products — A number of clients and servers share a protocol for secure authentication. These include Novell Netware, Windows NT and Oracle Secure Network Services. A choice of these may meet some of the architectural requirements.

Single sign-on products — Likewise, there are a number of products on the market that meet some or all of the requirements for limited or single sign-on. These include SSO DACS from Mergent International, NetView Access Services from IBM, and NetSP.

•  SSO DACS (Mergent International) (see http://www.pilgrim.umass.edu/pub/security/mergent.html)

•  NetView Access Services (IBM) (see http://www.can.ibm.com/mainframe/software/sysman/p32.html)

•  SuperSession (see http://www.candle.com/product_info/solutions/SOLCL.HTM)

•  NetSP (IBM) (see http://www.raleigh.ibm.com/dce/dcesso.html)

Authentication services — A number of standard services are available for authenticating evidence of user identity. These include:

•  Ace Server (see http://www.securid.com/ID188.100543212874/Security/ACEdata.html)

•  TACACS (see http://sunsite.auc.dk/RFC/rfc/rfc1492.html)

•  Radius (see http://www.tribe.com/support/TribeLink/RADIUS/RADIUSpaper.html)

Administrative services — There are a number of products that are intended for creating and maintaining access control data across a distributed computing environment. These include:

•  Security Administration Manager (SAM) (Schumann, AG) (see http://www.schumann-ag.de/deutsch/sam/sam.html)

•  RAS (Technologic) (see http://www.technologic.com/RAS/rashome.html)

•  Omniguard Enterprise Security Manager (Axent) (http://www.axent.com:80/axent/products/products.html)

•  Mergent Domain DACS (http://www.mergent.com/html/products.html)

•  RYO (“Roll yer own”)