The Jericho Forum: De-perimeterisation of network resources
The Jericho Forum is a consortium of large corporations that have proposed a new architecture for network protection, a “de-perimeterised” architecture where organisations no longer have to hide behind a firewall. In this paper, we describe the design of a distributed network architecture where the need for conventional firewalls diminishes and where services can be offered to users regardless of their physical location. In this architecture, all systems should be able to protect themselves against network threats, while security functions such as authentication and authorisation are handled at a global level. The result is that each individual server does not have to implement these functions and, from a user's point of view, functionality such as single sign-on becomes a possibility. The use of open protocols and standards is important, and therefore technologies like Kerberos, IPSec, SSL and SSH will be used. Furthermore, the architecture must also support older applications and application servers, e.g. legacy servers that cannot be modified to implement the new functionality. These should still work, either with some kind of decreased functionality or with full functionality provided by additional modules or front-end hardware that implements the new security functions.

