[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-stix] Re: [cti-cybox] Re: [cti-stix] Re: [cti-cybox] Re: [cti-stix] Re: [cti-cybox] Re: [cti-stix] Re: [cti-cybox] Re: [EXT] [cti-cybox] Agenda for August 8 Working Call
> But even just a simple binary switch on *sending* IEP-marked data seems more sensible than relying on the receiver to filter out thing they shouldn't have received in the first place.
This is feasible from an ACL perspective, but not from a software capability perspective. As a sender of information, I know which user accounts have which permissions, and can control access accordingly. I have no way of knowing if the receiving software will honor the IEP markings, unless it is mandated in the spec. Maybe we are talking about the same thing. I agree with only sending marked data to those who have permission to get it. However, how will I know if the person/org with permission has _software_ that’s capable of processing what I’m sending? I know of two ways – content negotiation and rules in the spec.
Well, certainly signalling that the software is capable
of understanding IEP at all is useful; however it's merely changing the
clearance of the receiver.
For IEP, you obviously don't want to transmit the data
unencrypted if the IEP indicates it must be encrypted, but a receiver might
understand IEP but be incapable of storing the data encrypted at rest -
you're then reliant on the receiver being honest when it receives data
which stipulates that. Again, this becomes a trust (and therefore clearance)
issue - do you trust the receiver to honour that bit in the IEP? Should
you really be sending data to the receiver if it cannot store it properly
in the first place?
Dave.
--
Dave Cridland
phone +448454681066
email dave.cridland@surevine.com
skype dave.cridland.surevine
Participate | Collaborate | Innovate
Surevine Limited, registered
in England and Wales with number 06726289. Mailing Address : PO Box 1136,
Guildford GU1 9ND
If you think you have received
this message in error, please notify us.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]