Standards in commercial security

With the spread of the adoption of standards in commercial systems, where the operation of the computing environment may be essential to the success of a companies business, the need for inclusion of security in open system environments is becoming recognised. Across the areas of open system standardisation extensions to the base standards are being defined to facilitate secure interworking. These include: security extensions the EDIFACT EDI message standards; security for the IEE 1003 POSIX, UNIX based operating system interface standards; security facilities for OSI application standards such as the CCITT X.400 message handling system and X.500 directory system; the OSI network and transport layer communications security protocols as well as the IEEE 802 secure LAN standard; and the OSI physical layer encryption device interface. The paper outlines the approach taken in each of these areas and suggests the relative role of the different placements and forms of security