[Embedlets-dev] Re: Security
Status: Alpha
Brought to you by:
tkosan
Menu
▾
▴
[Embedlets-dev] Re: Security
|
From: Andrzej J. T. <an...@ch...> - 2003-02-09 23:41:07
|
Jac states: > think using vlans to secure the connection between embedlets and > enterprise systems is overly optimistic. Embedlet hardware with > temperature probing devices might be used in a plant, but in office > buildings as well and I don't think network groups are going to be fond of > creating vlans with lots of devices spread acros buildings. That makes sense... > Doing things > this way would shift the burden from developers to those dealing with > production systems and networks. Being one of the people having to deal > with problems created by 'lazy' developers for most of my working day I > can say my collegues and I are not very fond of them... Point taken. > Security should be part of our solution, not something someone else has to > provide, IMHO. You've convinced me....I'll add an optional Security Service to the Architecture Document with a note that this might just be Authentication and not encryption based (due to the constraints of the platforms). I would expect that it would be primarily used in a userid/pswd mode (HTTP Basic Auth?) for external Management functions. The reason for making it optional is that it might not be needed if there are security functions provided by the network (eg. the shop floor LAN is isolated and protected from general access). How is that as the beginning of a solution, Jac? > Webservices are the perfect example of failing security. In the early days > they promised to be the perfect solution for integration of services over > the Internet, now they're only being used in closed networks. That's due to more than just a lack of basic security, since Web Services typically are being implemented over HTTP, and you can easily use HTTP Basic Authentication, SSL (and more) ot protect access to such services. As soon as you try to do transactional things with web services, you need long running transactions, encryption of payloads only (rather than the whole transmission with something like SSL), digital signatures (for identification) and common B2B requirements like non-repudiation, long running transaction support and the like. I think that saying that Web Services are only implemented inside the firewall due to a lack of "security" is a bit misleading, since there are very easy ways to secure web services in most cases. That has nothing to do with Embedlets necessarily....just setting the record straight is all. Andrzej Jan Taramina Chaeron Corporation: Enterprise System Solutions http://www.chaeron.com |
Thanks for helping keep SourceForge clean.
X