CORBA Security: An Introduction to Safe Computing with Objects (The Addison-Wesley Object Technology Series)

The world of information security is replete with conjecture, confusion, and outright fiction. In brilliant contrast, Bob Blakley's "CORBA Security - An Introduction to Safe Computing with Objects" stands as a testimony of precision, clarity, and truth, with one exception: the book's title. While the volume addresses architectural aspects of CORBA Security and provides a healthy discussion of object-specific security issues, it is really about a much more pervasive subject. Namely, how the fundamental tenant of Security Policy design can and should be woven through Identity, Authentication, Privilege, and Access Control. It also tackles two of the most misunderstood, yet critical security issues in modern N-tier distributed systems: Delegation and Non-Repudiation. The writing style, like the author himself (whom I'm acquainted with on a processional level) is modest, direct, and inclusive. All terminology is progressively defined and clearly communicates the underlying concepts. As a budding security architect and veteran software engineer I highly recommend this book to managers, system designers, security administrators, and members of the legal and causality communities. In short anyone needing a deeper understanding of policy-driven, distributed computer security systems, CORBA or no CORBA."CORBA Security" is very much in the classic vein of "The Elements of Style" (E.B. White) - concise, accessible, and durably relevant. A true classic!

I would highly recommend this book for organizations needing "information security (INFOSEC)" as it pertains to the Object Management Group's (OMG's) Common Object Request Broker Achitecture (CORBA) standard. The book takes a less technical overview to the OMG CORBASecurity specification and what CORBASecurity standard is trying to accomplish. It does this by using less technical jargon and acronyms which are sometimes confusing to neophytes unfamiliar with the very technical and complex world of INFOSEC. In my view, the most important part of the book is its last chapter (i.e., Chapter 10 entitled "Questions to Ask Your Secure Object System Vendor"). Why? Because this chapter outlines thirteen questions that end user organizations can ask their vendors (in this case, Object Request Broker (ORB) vendors and referred to in the book as "secure object system vendors"). These thirteen questions are simple security questions that will get to the bottom line of capabilities of what ORB vendors may or may not supply with their ORB's security service. Thus, it can be used as a buyers guide to the types of security capabilities that your organization may desire with an ORB product.