Model Driven Security Policy Automation

On this blog, ObjectSecurity co-founder and CEO Ulrich Lang discusses security policy automation and model-driven security. The aim of this blog is to advocate and advance the state of the art in this area through the exchange of ideas. www.modeldrivensecurity.org - www.policyautomation.org - www.objectsecurity.com

Friday 28 March 2008

The need for standards *NOW*

We need standards for Model Driven Security. There are primarily two reasons for this:

  1. We need to avoid vendor lock-ins, because they will hurt end-users and vendors alike.
  2. We need to avoid market fragmentation into dozens of products that each have their own way of expressing security models.

If industry is not committed to preventing vendor lock-ins and market fragmentation, then Model Driven Security will take much longer to become mainstream. Also, the shakeout in the market would be a bloodbath, and in such shakeouts innovation typically goes out of the window.

As a consequence, ObjectSecurity and several OMG members have come together at the Object Management Group (OMG) consortium to work towards a Model Driven Security Policy standard. This standard should specify a common vocabulary which allows policies to be transferable between different vendors' tools. An RFI has just been issued by the OMG.

Please contact us if you would like to know more about this.