An enterprisewide distributed computing environment must be secure against unauthorized access to data or other resources from outside and inside. Security boundaries for each individual must be tightly constrained to the information and resources required by that person to carry out assigned work. People with regional privileges should be able to access and control resources only in a well-defined domain.
To avoid security breaches, clear text control information, such as passwords, should not be allowed on the network. The security mechanism must interoperate with other open system security mechanisms, such as those supported by DCE. Guest accounts and similar nonauthenticated accounts should not be allowed.