OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

smartgrid-discuss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [smartgrid-discuss] more thoughts (2 parts)

I don't disagree that the solution can range widely in complexity,
David.  What I'm trying to get a handle on are the requirements.
Are they explicitly defined anywhere, or are they yet to be defined?
Thanks.

Arshad Noor
StrongAuth, Inc.

David RR Webber (XML) wrote:
> Arshad,
>  
> You can make this insanely complex or really simple.  I'd want my home 
> to talk only to devices and systems I had authorized it to - so I 
> maintain control. Avoiding complexity on the network end. Using 
> certificates I can authenticate who and what I'm talking to.  That seems 
> simplest, yes?  I can have partner agreements determining what they are 
> allowed to do with information they receive from my system(s).
>  
  > Thanks, DW

>     -------- Original Message --------
>     Subject: Re: [smartgrid-discuss] more thoughts
>     From: Arshad Noor <arshad.noor@strongauth.com>
>     Date: Wed, December 10, 2008 9:58 pm
>     To: smartgrid-discuss@lists.oasis-open.org
> 
>     As I am somewhat new to this list - and to this sector - I am a
>     little in the dark about how things are today and how things are
>     being designed for the future. I trust the forum will be patient
>     with some of my questions in the short-term.
> 
>     Since the smart grid forum is discussing potential new standards
>     for messages, and since so much of our economy is based on the use
>     of computers and networks, is there an articulation of the security
>     goals for this bold future (other than "it must be secure") when
>     its business will be conducted using computers & networks?
> 
>     I am specifically interested in business-level requirements for
>     securing messages between players in this industry for:
> 
>     1) Message Authenticity;
>     2) Message Integrity; and
>     3) Data Confidentiality.
> 
>     I'm not specifically interested in these attributes when messages
>     are traversing the networks, but when they are in a database of
>     a 24/7 application on servers, or when they're on a flash-based
>     EEPROM of some "smart-meter" where the homeowner or business-owner
>     has pre-configured rules for demand reduction. How will these
>     "messages" be protected from attack and being compromised at the
>     source and destination?
> 
>     Do such requirements exist somewhere, where one can read them and
>     come upto speed?
> 
>     Thanks.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]