170 likes | 292 Views
Directories for Inter-Enterprise Collaboration. Eric Burger, PI. The State of the Art. Enterprises with secure networks Keep bad guys out Keep data in. The Problem. Good guys cannot get in Collaboration data cannot get out People cannot get their jobs done. The Problem.
E N D
Directories for Inter-Enterprise Collaboration Eric Burger, PI
The State of the Art • Enterprises with secure networks • Keep bad guys out • Keep data in S2ERC Planning Workshop
The Problem • Good guys cannot get in • Collaboration data cannot get out • People cannot get their jobs done S2ERC Planning Workshop
The Problem • Good guys cannot get in • Collaboration data cannot get out • People cannot get their jobs done Sometimes our security technology works too well S2ERC Planning Workshop
Why Don’t We Use Existing Protocols? NOTICE • Technology • Incompatible protocols • Different methods of manipulating security infrastructure • Policy • Impact of laws, regulations, economics • Leads to non-obvious behavior If It’s Stupid But WorksIt’s Not Stupid In theory, there is no difference between theory and practice. In practice, there is. – Yogi Berra S2ERC Planning Workshop
Overarching Philosophy • Do not build theoretically perfect protocol first • Find out what enterprises can deploy first • Then build the appropriate protocol S2ERC Planning Workshop
Telepresence As an Example S2ERC Planning Workshop
Problem S2ERC Planning Workshop
Why? What is Different Here? • Public companies • Due standard of care for proprietary information • SOX • Health care: HIPPA • Financial Services: BASEL III January 22, 2012 Cameras May Open Up the Board Room to Hackers By NICOLE PERLROTH SAN FRANCISCO — One afternoon this month, a hacker took a tour of a dozen conference rooms around the globe via equipment that most every company has in those rooms; videoconferencing equipment. With the move of a mouse, he steered a camera around each room, occasionally zooming in with such precision that he could discern grooves in the wood and paint flecks on the wall. In one room, he zoomed out through a window, across a parking lot and into shrubbery some 50 yards away where a small animal could be seen burrowing underneath a bush. With such equipment, the hacker could have easily eavesdropped on privileged attorney-client conversations or read trade secrets on a report lying on the conference room table. S2ERC Planning Workshop
Technology Issues to Overcome • How can an enterprise enable a partner to discover endpoint addresses? • How can an enterprise that needs to keep endpoint addresses private advertise those addresses to partners? • How can an enterprise share this information with select individuals at partner enterprises? S2ERC Planning Workshop
Issues Are Not Technology • Impetus for closing the network are • Public policy • Law • Regulation • Economics (e.g., competitive advantage) • Need to work out these issues before we solve the technology • Goal: Create tailored trustworthy space for real-time communications S2ERC Planning Workshop
Project Proposal S2ERC Planning Workshop
Project: Policy Investigations • Survey companies, agencies, and departments • Identify factors that inhibit interconnection • This is relevant to the industry as there are many anecdotes as to why enterprises do not interconnect, but there is no published data on the problem S2ERC Planning Workshop
Plan: Economic / Policy Investigations • Survey planning, construction, execution, responses • Time: 9 months wall • Budget: $210,000 • PI: Lead by CBPP S2ERC Planning Workshop
Plan: Technology Investigations • Analyze directory federation technology • Provide gap analysis • Time: 2 months • Budget: $50,000 • PI: Eric Burger S2ERC Planning Workshop
Plan: Secure Inter-Enterprise Directory Protocol • Expect to use member intellectual property • Will be a project in the GCSC S2ERC Planning Workshop