Re: [Embedlets-dev] Re: Security
Status: Alpha
Brought to you by:
tkosan
Menu
▾
▴
Re: [Embedlets-dev] Re: Security
|
From: Jac K. <j.k...@th...> - 2003-02-09 22:26:40
|
Hmm, I think using vlans to secure the connection between embedlets and enterprise systems is overly optimistic. Embedlet hardware with temperature probing devices might be used in a plant, but in office buildings as well and I don't think network groups are going to be fond of creating vlans with lots of devices spread acros buildings. Doing things this way would shift the burden from developers to those dealing with production systems and networks. Being one of the people having to deal with problems created by 'lazy' developers for most of my working day I can say my collegues and I are not very fond of them... Security should be part of our solution, not something someone else has to provide, IMHO. Webservices are the perfect example of failing security. In the early days they promised to be the perfect solution for integration of services over the Internet, now they're only being used in closed networks. Regards, Jac On Sun, 9 Feb 2003, Andrzej Jan Taramina wrote: > Date: Sun, 09 Feb 2003 13:58:13 -0500 > From: Andrzej Jan Taramina <an...@ch...> > Reply-To: emb...@li... > To: emb...@li... > Subject: [Embedlets-dev] Re: Security > > Topic tags:[ARCH][JAPL][WIRING][DOCS][MGMT][STRATEGY][NEWBIE] > _______________________________________________ > > Jac states: > > > While reading some of the messages on this list I started wondering if > > we're taking security into consideration while designing and are going to > > implement it from the start. One of the issues with webservices is (was?) > > the lack of standardized authentication/security, resulting in a delayed > > acceptance of webservices if one may believe the trade press. > > My thinking was that security would initially (in an enterprise deployment > scenario) be provided by the surrounding infrastructure (network and such). > Embedlets would be running on a factory/warehouse floor on a physically > controlled subne or VLAN, with properly secured gateways to the back end > Enterprise Systems, access/security/authentication would be managed outside > of the Embedlet container, so we could assume (at least initially) that we don't > have to do much in that area (maybe just some rudimentary password > protection for external access to Management Services and the like). If there > is a connection between a plant network and head office, it would be secured > (either a dedicated link or VPN tunnel across the public net), but I don't think > we'll see devices exposed on the public internet for production deployments. > > Doing the typical security things on a tiny processor (authentication, > authorization, encryption/decryption of data streams) will be nigh impossible > on some of the smaller platforms. > > Web Services are being implemented in production as we speak....but > primarily behind the corporate firewalls. I see embedded systems as following > that pattern. > > That being said, our modular approach to services and the like would allow us > to plug in more security features later on without much trouble, since it will be > an issue that will be raised in the corporate environment. > > > > > Andrzej Jan Taramina > Chaeron Corporation: Enterprise System Solutions > http://www.chaeron.com > > > > ------------------------------------------------------- > This SF.NET email is sponsored by: > SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! > http://www.vasoftware.com > _______________________________________________ > Embedlets-developer mailing list > Emb...@li... > https://lists.sourceforge.net/lists/listinfo/embedlets-developer > -- Jac Kersing Technical Consultant The-Box Development j.k...@th... http://www.the-box.com |
Thanks for helping keep SourceForge clean.
X