Directories for Inter-Enterprise Collaboration

Eric Burger, PI

S2ERC Planning Workshop2

The State of the Art

• Enterprises with secure networks

• Keep bad guys out• Keep data in

S2ERC Planning Workshop3

The Problem

• Good guys cannot get in

• Collaboration data cannot get out

• People cannot get their jobs done

S2ERC Planning Workshop4

The Problem

• Good guys cannot get in

• Collaboration data cannot get out

• People cannot get their jobs done

Sometimes our security technology works too well

S2ERC Planning Workshop5

Why Don’t We Use Existing Protocols?

• Technology– Incompatible

protocols– Different methods of

manipulating security infrastructure

• Policy– Impact of laws,

regulations, economics

– Leads to non-obvious behavior

NOTICEIf It’s Stupid But

WorksIt’s Not Stupid

In theory, there is no difference between

theory and practice. In practice, there is.– Yogi Berra

S2ERC Planning Workshop6

Overarching Philosophy

• Do not build theoretically perfect protocol first

• Find out what enterprises can deploy first

• Then build the appropriate protocol

S2ERC Planning Workshop7

Telepresence As an Example

S2ERC Planning Workshop8

Problem

S2ERC Planning Workshop9

Why? What is Different Here?

• Public companies– Due standard of

care for proprietary information

– SOX

• Health care: HIPPA• Financial Services:

BASEL III

January 22, 2012

Cameras May Open Up the Board Room to HackersBy NICOLE PERLROTH

SAN FRANCISCO — One afternoon this month, a hacker took a tour of a dozen conference rooms around the globe via equipment that most every company has in those rooms; videoconferencing equipment.

With the move of a mouse, he steered a camera around each room, occasionally zooming in with such precision that he could discern grooves in the wood and paint flecks on the wall. In one room, he zoomed out through a window, across a parking lot and into shrubbery some 50 yards away where a small animal could be seen burrowing underneath a bush. With such equipment, the hacker could have easily eavesdropped on privileged attorney-client conversations or read trade secrets on a report lying on the conference room table.

S2ERC Planning Workshop10

• How can an enterprise enable a partner to discover endpoint addresses?

• How can an enterprise that needs to keep endpoint addresses private advertise those addresses to partners?

• How can an enterprise share this information with select individuals at partner enterprises?

Technology Issues to Overcome

S2ERC Planning Workshop11

• Impetus for closing the network are– Public policy– Law– Regulation– Economics (e.g., competitive advantage)

• Need to work out these issues before we solve the technology

• Goal: Create tailored trustworthy space for real-time communications

Issues Are Not Technology

S2ERC Planning Workshop12

Project Proposal

S2ERC Planning Workshop13

• Survey companies, agencies, and departments

• Identify factors that inhibit interconnection

• This is relevant to the industry as there are many anecdotes as to why enterprises do not interconnect, but there is no published data on the problem

Project: Policy Investigations

S2ERC Planning Workshop14

• Survey planning, construction, execution, responses

• Time: 9 months wall• Budget: $210,000• PI: Lead by CBPP

Plan: Economic / Policy Investigations

S2ERC Planning Workshop15

• Analyze directory federation technology

• Provide gap analysis• Time: 2 months• Budget: $50,000• PI: Eric Burger

Plan: Technology Investigations

S2ERC Planning Workshop16

• Expect to use member intellectual property

• Will be a project in the GCSC

Plan: Secure Inter-Enterprise Directory Protocol