[Embedlets-dev] Re: Security

[Andrzej J. T. <an...@ch...>]

Jac states:

> While reading some of the messages on this list I started wondering if
> we're taking security into consideration while designing and are going to
> implement it from the start. One of the issues with webservices is (was?)
> the lack of standardized authentication/security, resulting in a delayed
> acceptance of webservices if one may believe the trade press.

My thinking was that security would initially (in an enterprise deployment 
scenario) be provided by the surrounding infrastructure (network and such).  
Embedlets would be running on a factory/warehouse floor on a physically 
controlled subne or VLAN, with properly secured gateways to the back end 
Enterprise Systems, access/security/authentication would be managed outside 
of the Embedlet container, so we could assume (at least initially) that we don't 
have to do much in that area (maybe just some rudimentary password 
protection for external access to Management Services and the like).  If there 
is a connection between a plant network and head office, it would be secured 
(either a dedicated link or VPN tunnel across the public net), but I don't think 
we'll see devices exposed on the public internet for production deployments.

Doing the typical security things on a tiny processor (authentication, 
authorization, encryption/decryption of data streams) will be nigh impossible 
on some of the smaller platforms.

Web Services are being implemented in production as we speak....but 
primarily behind the corporate firewalls.  I see embedded systems as following 
that pattern.

That being said, our modular approach to services and the like would allow us 
to plug in more security features later on without much trouble, since it will be 
an issue that will be raised in the corporate environment.




Andrzej Jan Taramina
Chaeron Corporation: Enterprise System Solutions
http://www.chaeron.com