The Open Group Research Institute is incorporating Java into its intranet strategies.
By Vania Joboloff
In August 1996, this column discussed the work that The Open Group Research Institute (RI) is doing on a secure infrastructure for enterprise intranets. The problem this work addresses is that of taking technology--World Wide Web protocols, clients and servers, and other tools--designed for open access to public information by an unknown and arbitrary set of users, and making it suitable for delivering selective access to sensitive information by a known set of users or groups. This technology provides an infrastructure for secure enterprise use of the Web based on the Open Software Foundation's Distributed Computing Environment (OSF DCE). The Open Group's secure web technology provides a set of client, server and other software that enterprises can use for secure access to Web documents, server scripts and other services made available via the Web interface.
The secure web technology can provide mutual authentication of Web clients and servers, encrypted and integrity-protected channels for communication of Web data, and individual- and group-identity-based access control over Web documents. Using the DCE cell model, an enterprise can use products based on this technology to establish a consistent set of security policies over any realm of Web users, documents and services. In addition, the secure web technology provides a means for integration between its security and online commerce mechanisms--such as the secure sockets layer (SSL)--currently being deployed on the Web.
The Open Group secure web technology provides other important services. For example, it uses the DCE naming services to provide for location-independent addressing of Web documents. This means that secure web URLs will not become stale when documents and servers are moved. It also makes possible efficient replication of documents, as multiple copies of a document can be addressed via the same universal resource locator (URL). Secure web technology sets the stage for business use of the Web in a way that current Web technology cannot support.
The Open Group RI is further enhancing intranet technology by enabling an implementation of Sun's Java programming language to make use of the secure web DCE services. In this way, enterprises can extend Java as a platform-independent programming language to include the creation of DCE clients and servers that benefit from the DCE security services. This project will make DCE services available to Java programmers through a class library that will directly invoke DCE native methods residing on the platform. Application programmers generally will not be aware of the underlying mechanisms, because they are focused at the higher-level functionality of the class library. As a result, it will be possible to distribute corporate-wide client software as Java applications that will use the capabilities of the secure Web and be integrated into the network computer "webtop."
One concern with the deployment of distributed services has been the development of client-side user interfaces. Each time a new service is developed, the user interface must be developed and ported to all platforms used inside the organization. This has slowed down the deployment of client/server applications. With Java, applications and the user interface can be written and compiled once, then distributed to all platforms; software upgrades may be distributable through the network. RI believes that Java will become an important component of the intranet as a preferred mechanism to distribute client user interface software for accessing various intranet application services.
To become the lingua franca of the corporate intranet, Java requires enhancements in areas besides security. Performance will be an issue for many applications. As an interpreted language, Java may not be the best choice for applications that demand rapid response times. RI is addressing this issue through the creation of an "on-the-fly" Java compiler that will transform the Java byte code into the native executable code for each platform on which it runs. This approach has the benefit of maintaining Java as a platform-independent software distribution format while bringing performance up to expectations for corporate applications.
The institute also has projects under way to develop Java-based distributed and mobile objects and agents, and to develop improvements for high assurance, increased security, realtime scheduling and high performance in embedded and enterprise environments.
Security and programming languages are only two of the key areas where The Open Group Research Institute is helping to advance research and development of enterprise intranet technology. Other areas include development of a scalable, highly available Web server (SHAWS) and a secure domain gateway (SDG).
SHAWS will run on top of popular operating systems and Web servers and provide scalability, fault tolerance and security/authentication in a Web server cluster. SDG will provide secure access for non-DCE-enabled Web clients (those using SSL) to a SHAWS-enabled server or any server incorporating the Research Institute's DCE-enabled multiprotocol secure web server technology. SDG supports multiple authentication schemes; for example, it can map client public key certificates to secure web DCE principal or group identities. Similarly, SSL can be used as a secure channel, so users can safely use the basic authentication capability built into browsers to login directly to a DCE-secured Web.
Vania Joboloff is Java program director for The Open Group Research Institute in Grenoble, France. He can be reached at email@example.com.