mqtt message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: Clarification regarding MQTT Security SC deliverables.
- From: Richard J Coppen <COPPEN@uk.ibm.com>
- To: mqtt@lists.oasis-open.org
- Date: Fri, 9 Aug 2013 21:54:32 +0100
Hi all,
Geoff Brown, Chet Ensign and I held
a brief meeting this evening to agree how best to deliver MQTT security
content.
In summary, the proposal is as follows:
- Implementation level security content
(e.g., TLS, cipher specs and general security awareness) should form part
of the core MQTT specification / standard.
- Specific guidance aimed at those wishing
to certify MQTT solutions against security standards (such as NIST or IEC)
should be delivered as 'self contained' committee specifications.
- The core MQTT specification / standard
should clearly reference and link to these dedicated committee specifications.
This is similar to the approach
taken by other OASIS TC's and has a number of advantages:
-
- Core protocol content can be developed
independently of referenced material.
- Detailed security guidance is made available
to MQTT specification consumers.
- Delivery timelines are decoupled.
- The MQTT Security SC has more scope
to focus on individual standards.
- The MQTT TC retains the option to grow
a range of industry specific security profiles over time.
Best regards
Richard
|
|
Richard Coppen CEng
FBCS
Co-chair OASIS MQTT Technical
Committee
| IBM United Kingdom
|
|
Software Engineer
| Hursley Park
|
WebSphere MQ
| Winchester
|
|
| SO21 2JN
|
|
Phone:
| +44 (0)1962 817164
| England
|
|
e-mail:
| coppen@uk.ibm.com
|
|
|
blog:
| testingblues.com
|
| |
Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number
741598.
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6
3AU
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]