OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

wsdm message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [wsdm] [UPlat] Input on Security for UPlat

I propose that we state the following about security.

Management Need

Resources have to be manageable in a secure way (see definition of security). Security is composable on top of the manageability exposed via Web services, similar to securing any other capability of a resource exposed via a Web service. For example, access to a manageability operation can be granted to only clients that present "manager's identity" in a request message.

Security must be manageable, preferably via Web services. For example, identity or access assertion can be verified by issuing a request to a security Web service.

-- Igor Sedukhin .. (igor.sedukhin@ca.com)
-- (631) 342-4325 .. 1 CA Plaza, Islandia, NY 11788

-----Original Message-----
From: John DeCarlo [mailto:jdecarlo@mitre.org] 
Sent: Tuesday, October 14, 2003 9:48 AM
To: ECKERT,ZULAH (HP-Cupertino,ex1); WSDM TC
Subject: [wsdm] [UPlat] Input on Security for UPlat


This is my input for the [UPlat] group.  Zulah suggested I send it to the whole list for review.  I tried to keep it short (1-2 paragraphs was suggested), rather than start a book on the subject, but that also means some key points may be misworded or skipped.  So any comments are welcome.


[UPlat] Security.


Information/Computer Security. There are many ways to categorize information security, but the most common today is represented by the letters C, I, A:  Confidentiality, Integrity, and Authentication.
Additional concepts that can be arguably kept separate are:  Access Control, Nonrepudiation, Availability, and Privacy.

Confidentiality.  Preventing unauthorized entities from accessing information or resources.

Integrity.  Making sure that when authorized entities access information, it is either not changed or any changes are detectable.

Authentication.  Making sure that entities are who/what they claim to be.

Access Control.  Making sure that entities can only access services, resources, or information that they are authorized for.

Nonrepudiation.  Making sure the sender of a message can not deny having sent the message.

Availability.  Making sure a service or resource can be accessed by authorized users.  While this goes beyond security, security is expected to address denial of service attacks.

Privacy.  Making sure that information on entities is used only for the express purposes allowed.

Management Need

Management of a resource can have a huge impact on the operation of the resource.  As such, it has higher security requirements than most of the business services.  However, management and business services share many security requirements, so having a separate security infrastructure is needed.  Also, that security infrastructure needs to be managed.

There is also a requirement for manageable resources to be able to be created, operate, and be turned off in the absence of access to a security infrastructure.

MUWS Requirements
2.1.5 Security (E) [SEC]

[SEC.001] The Manageability Interface MUST enable secure management, as dictated by the threats of the environment. This includes (but is not limited to) support for the functionality described in the sub-requirements, SEC.001.1-6.

[SEC.001.1] The Manageability Interface SHOULD support having the manager authenticate the manageable resource.

[SEC.001.2] The Manageability Interface SHOULD support having the manageable resource authenticate the manager.

[SEC.001.3] The Manageability Interface SHOULD support an underlying mechanism that guarantees the integrity of the messages exchanged.

[SEC 001.4] The Manageability Interface SHOULD support an underlying mechanism that guarantees the confidentiality of the messages exchanged.

[SEC 001.5] The Manageability Interface SHOULD not preclude establishing, using, and managing trust relationships.

[SEC.001.6] The Manageability Interface SHOULD support access control (such as distinguishing between the ability to view and the ability to
change) for management information, operations and event notifications at appropriate granularity.  Access SHOULD be controllable by role (the security mechanism being used will determine what “role” means).  For example, an internal manager should have greater control than a manager being run by a partner.

[SEC.002] The Manageability Interface MUST be NAT and firewall "friendly", meaning that the interface MUST NOT require additional support in NAT and firewall products, and that sufficient information MUST be provided for a firewall proxy to inspect the management messages.

[SEC.003] The Manageability Interface MUST not increase security risks or enlarge security exposures.

[SEC.004] The Manageability Interface MUST allow a self-contained, fallback security model, for use when the security infrastructure is not available.

[SEC.005] The Manageability Interface MUST be able to be used to manage a Security Infrastructure

[SEC.005.1] The Manageability Interface MUST allow operational capabilities on security features (e.g., enable, disable).  Security configuration SHOULD only be allowed via the Manageability Interface if appropriate access controls are in place.

Other Related Work
o) ebXML Registry Security Services SC (Sub of ebXML Registry TC)
o) Security Services TC
o) Web Application Security TC
o) Web Services Security TC


John DeCarlo, The MITRE Corporation, My Views Are My Own
email:      jdecarlo@mitre.org
voice:      703-883-7116
fax:        703-883-3383
DISA cube:  703-882-0593

To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/wsdm/members/leave_workgroup.php.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]