[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: Promote "Optional Signature" to Requirement
Bob,
The idea of the ESA requirements analysis scheme is to uncover the
requirements that tend to be embedded in architecture. It is not a question
of requirements having higher status than architecture. Each architectural
statement must be supported by a requirement statement. Each requirement
statement must either have one or more architectural elements that satisfy
it or an explanation as to why it was not met. The idea is that the
architecture contains all the statements that make it into code:-)
The basic idea of the analysis is to be able to identify the reasons
behind the design after the fact. A big problem with IETF specs is that a
lot of the design rationale is lost and you have to find someone from the
original team if you want to fiddle with it. This in turn leads to
superstitious treatment of features whose justification is long gone or
inapplicable.
We can try a different method of structuring the dialogue on the
list. However I am anxious to avoid the typical IETF approach in which
requirements, design elements etc are all thrown onto the list and have half
of them forgotten in the drafts...
I would add the following two requirements:-
[R-IntraDomain] Efficiently support communication of auth data intra domain.
{describe bob's scenario here}
[R-IdentifyMessages] Distinguish between messages from different versions of
the protocol.
Then add in Bob's solutions to the problems in the architecture piece pretty
much as is.
An alternative solution to [R-IdentifyMessages] is to use the XML name
space.
Phill
> -----Original Message-----
> From: George_Robert_Blakley_III@tivoli.com
> [mailto:George_Robert_Blakley_III@tivoli.com]
> Sent: Thursday, January 25, 2001 5:30 PM
> To: Philip Hallam-Baker
> Cc: security-core@lists.oasis-open.org
> Subject: Promote "Optional Signature" to Requirement
>
>
> Phil et. al.:
>
> I'd like to propose that Optional Signatures is a
> requirement, not just an
> option.
>
> Here's the justification:
>
> [R-Optional-Signatures] Name assertions and property assertions are
> statements by an authority about the validity of
> asserted values of name-value pairs. It
> should be possible
> to tailor the mechanism of assertion
> to both the threat environment and other
> constraints. Thus,
> if the assertion is coming from a
> directory to a boundary server, in response to a user
> contacting the boundary server and proving
> his/her name, and if the link between the
> directory server
> and the boundary server is known to be
> strongly protected, and if the boundary server
> trusts the
> directory's authority, there should be no
> need for a signature *or any other protection*
> applied to
> the assertion token. Furthermore, there
> is a good reason NOT to apply a signature or other
> protection, as it will degrade performance and
> impose a requirement for the boundary server and the
> directory to share a key distribution mechanism.
> This example generalizes to many others.
>
> The requirement therefore is to
>
> (1) Include in the assertion token structures
> an OPTIONAL
> signature field, which will syntactically
> accomodate both public-key signatures and symmetric-key
> mechanisms, and
>
> (2) Require protocol bindings to state whether
> use of this
> field is mandatory in the context of
> the particular binding, and
>
> (3) Require protocol bindings to state which
> mechanisms MUST
> be supported, which mechanisms
> MAY be supported, and which mechanisms MUST NOT be
> supported.
>
> While I'm at it, I'd like to propose another requirement:
>
> [R-Versioned-Tokens] All assertion tokens defined in this
> specification
> should include "version" as a required field.
> The version format should permit designation
> of both major
> versions and minor versions within
> major versions. The version of tokens defined in this
> release of the specifications should be
> 1.0.
>
> --bob
>
> Bob Blakley
> Chief Scientist, Security
> Tivoli Systems, Inc.
>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC