Objetivo This project focuses on security management in an IBC network and in a distributed, multi-vendor environment, dealing with two aspects of security management: - management of security-related objects in support of the provision of security in an IBC environment and- integration of security services into the management system.The research focused on the management and administration of security services in a distributed, multivendor integrated broadband communications (IBC) environment. It was essentially concerned with the management of security related objects in support of the provision of security in an IBC environment.The main concerns of the research were the management of security services (authentication, authorization, access control, audit, key management, interdomain and secure directories) and the integration of security management into a proper network management platform. The last point is of special practical and commercial importance because this is how the research can contribute to the provision of information security in advanced communication architectures. In particular, security management in support of the basic IBC levels (applications, service infrastructure, network infrastructure), their relationship and their commercial interfaces were studied.The research has resulted in a top level specification for management architecture for interdomain service management, for secure directories, for key management services, for authentication services, for authentication services, for access control service management and for security audit and recovery services.Technical Approach The project includes the following items: (1) identification of the management requirements of the security services for IBC; (2) to contribution to the definition of IBC security architecture (R2051 SESAME) with respect to security management and provision of a security management system for IBC experiments (ACE); and (3) contributions to the definition of the security services of a management system for an IBC network and its applications (TMN). Prototypes for security management are developed on the basis of the CCITT/SO management architecture and protocols. Integration of the management for security services and the security of the management system will be performed in two steps: - With a common application such as file transfer or document retrieval.- With a working project in multimedia or an advanced communication experiment, using the common application mentioned above and thus demonstrating the usefulness of the management facilities developed in project SAMSON. APIs for security services and management facilities are defined to achieve portability and inter-operability. On-going work in European and international standardisation bodies (CCITT, ETSI, ISO, ECMA, EWOS) is followed and the results of SAMSON will be submitted to these. Key Issues The main concerns of project SAMSON are the management of security services (authentication, access control, audit, key management, inter domain) the security of the management system, the provision of security extensions for the X.500 directory and the integration of security management into a platform. Integration of security management and network management is a key item for advanced architectures such as TMN. Aspects of other architectures (VPN, Mobile, MANs) are taken into account by co-operation with related projects. Specific emphasis is put on security management for the basic IBC levels (applications, service infrastructure, network infrastructure), their relationship, and commercial interfaces. Expected Impact Due to their generic structure, the security functions of SAMSON will influence the standardisation activities in the security as well as in the management areas. The results of the project will be used to simplify the development of further IBC security management applications and secure management systems. Ámbito científico natural sciencescomputer and information sciencescomputer securityaccess control Programa(s) FP3-RACE 2 - Specific research and technological development programme (EEC) in the field of communication technologies, 1990-1994 Tema(s) Data not available Convocatoria de propuestas Data not available Régimen de financiación Data not available Coordinador SIEMENS AG Aportación de la UE Sin datos Dirección OTTO-HAHN-RING 6 81730 MÜNCHEN Alemania Ver en el mapa Coste total Sin datos
