Core Security Patterns: Best Practices and Strategies for J2EE, Web Services, and Identity Management

This section includes URLs and resources referenced in the chapter. In addition, leading vendor products for security service provisioning and password synchronization are listed.

General

Here are some URLs and resources referenced in this chapter.

[CJP2] Deepak Alur, Dan Malks and John Crupi. Core J2EE Patterns, Second Edition. Prentice Hall, 2003. http://corej2eepatterns.com/Patterns2ndEd/BusinessDelegate.htm

[Cryptocard] Cryptocard Technology. "The Incredible Cost of 'Free' Passwords."

[FisherLai] Marina Fisher and Ray Lai. "Designing Secure Service Provisioning." RSA Conference 2004.

[OpenSPML] OpenSPML. http://www.openspml.org

[PasswordSync] John Erik Setsaas. "Password Synchronization." EEMA's Directory Interest Group. http://www.maxware.com/News_Reviews/182-Passw-Synch.pdf

[PasswordSyncAgent] Password Synchronization Agent. https://pwsynch.dev.java.net/

[PasswordUsage] Protocom Development Systems. "Global Password Usage Survey." Version 1.0.0. October 23, 2003. http://www.protocom.com/whitepapers/password_survey.pdf

[SOX1] US Congress. Sarbanes-Oxley Act. H.R. 3763. July 30, 2002. http://www.law.uc.edu/CCL/SOact/soact.pdf

[SPML10] "Service Provisioning Markup Language (SPML) Version 1.0." OASIS. October 2003.

[SSOvsPasswordSync] Protocom Development Systems. "Single Sign-on Password Replay vs Password Synchronization." Version 1.0.0. 2003. http://www.protocom.com/whitepapers/sso_vs_passwordsync.pdf

[Unix2Win] Microsoft. "How To: Install Password Synchronization on a UNIX Host for a UNIX-to-Windows Migration." February 2, 2004. http://support.microsoft.com/default.aspx?scid=kb;EN-US;324542

[WS-Prov] IBM. "Web Services Provisioning (WS-Provisioning): Draft Version 0.7." October 17, 2003. http://www-106.ibm.com/developerworks/library/ws-provis/

Some Security Service Provisioning Vendors

Here are some URLs that describe a few leading security service provisioning vendor products. They are not exhaustive, but are good starting points for further analysis.

Abridean (abrideanProvisor). http://www.abridean.com/SubPage.php?parent=products&child=UserManagementModules&grandchild=UserManager

Blockade Systems (ManageID). http://www.blockade.com/products/index.html

BMC Software (CONTROL-SA). http://www.bmc.com/products/proddocview/0,2832,19052_19429_22855_1587,00.html

CA (eTrust). http://2004.rsaconference.com/downloads/CAbroch.PDF

Entrust. http://www.entrust.com/identity_management/specs.htm

IBM (Tivoli Identity Manager). http://www-306.ibm.com/software/tivoli/products/identity-mgr/

Novell (Nsure Identity Manager). http://www.novell.com/products/nsureidentitymanager/quicklook.html

Open Network (Universal IdP). http://www.opennetwork.com/solutions/

Sun Microsystems (Sun Java System Identity Manager, or a.k.a Waveset Lighthouse). http://wwws.sun.com/software/products/identity_mgr/index.html

Thor (Xellerate). http://www.thortech.com/product/products_xell_architecture.asp

HP (OpenView Select Identity, or a.k.a. TruLogica). http://www.managementsoftware.hp.com/products/select/index.html

Some Password Management or Password Synchronization Vendor Products

Here are some URLs that describe a few leading password management or password synchronization vendor products. They are not exhaustive, but are good starting points for further analysis.

Blockade Systems Corp's ManageID Syncserv Overview of ManageID Suite. http://www.blockade.com/products/index.html ManageID Syncserv Architecture. http://www.blockade.com/products/syncservarchitecture.html

Courion's Password Courier Overview. http://www.courion.com/products/pwc/sync.asp Architecture. http://www.courion.com/products/pwc/architecture.asp

IBM's Password Synchronization Service with Tivoli's Directory Integrator and Tivoli's Identity Manager Technical Notes. http://publib-b.boulder.ibm.com/Redbooks.nsf/RedbookAbstracts/tips0390.html?Open

M-Tech's P-synch http://www.psynch.com/docs/psynch-overview.html and http://www.psynch.com/docs/psynch-white-paper.html

Proginet's SecurPass Overview. http://www.proginetuk.co.uk/products/securpass-home.htm SecurPass-Syn. http://www.proginetuk.co.uk/pdf/securpasssync.pdf

Protocom's SecureLogin Overview. http://www.protocom.com/html/securelogin_password_manage_suite.html Self-service Password Reset. http://www.protocom.com/html/securelogin_self_service_password_reset.html

Sun's Sun Java System Identity Manager Overview. http://www.sun.com/software/products/identity_mgr/index.xml

Категории