keywords: multilateral security, middleware, CORBA, telecommunications, TINA

abstract  The concept of middleware based architectures for telecommunication services in the broadband, multimedia, and information era is emerging. One representative example is the Telecommunications Information Networking Architecture (TINA), which is characterised by a variety of services, a multitude of service providers, a well defined business model, a middleware platform for service development and provision, and the assumption of advanced costumer premises equipment. Concepts for its security architecture are developed in the CrySTINA project. We introduce TINA, analyse it with regard to security and present the CrySTINA security architecture. CrySTINA is aligned with the OMG`s CORBA Security specification, but enhances it with regard to security interoperability despite the heterogeneity of security policies and technologies that must be expected in TINA networks. Thus, we present a model for the enforcement of security policies that supports the negotiation of security contexts.