[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [wsdm][security-action item] Summary of discussion as of 7/8/04
Andreas Dharmawan wrote:
>
. . . . . . .
> *_Security of Manageability vs. Manageability of Security_* (Jeff Bohren)
>
> *
> *Security of Manageability* - The security of the Manageability
> Provider and the underlying communications protocols. How are
> the management requests authenticated? How are management
> requests authorized and audited?
> *
> *Manageability of Security* - What security information on the
> managed resource can be managed by the Manageability Provider.
> How is this information presented to the Manager. In MOWS, there
> is the specific use case of managing the configuration of the
> Web Service Security infrastructure for that web service (among
> other things).
>
> *_Security Considerations between Manager and Manageability Provider_*
> (Andreas Dharmawan)
>
> *
> In an enterprise there will be many manageability resources that
> belong to many different departments.
> *
> Multiple managers may involve in the management of different
> resources from different departments.
> *
> Managers may be interacting with the manageability providers
> from the intranet, extranet, and intranet.
> *
> Samples of security considerations:
> o
> Authentication and Authorization
> o
> Confidentiality
> o
> Non-repudiation
> o
> Schema Validation
> o
> Standard Compliance
> *
> The same manager may be required to use different kinds of
> credentials when accessing a manageable provider based on
> whether s/he in the intranet, extranet, or internet.
>
>
"Integrity" would appear to be another very common and important
"security" consideration.
Also, just out of curiosity...... do you really mean Standards
Compliance or do you actually mean Standards Conformance? According to
the ISO standard of relevance (ISO 10746-1: Open Distributed Processing
Reference Model - Part 1: Overview and Guide to Use) (quoting verbatim
from section 9.2):
"Conformance is a relation between a specification and a real
implementation, such as an example of a product. It holds
when specific requirements in the specification (the conformance
requirements) are met by the implementation.
Conformance assessment is the process through which this relation is
determined."
"Compliance is a relation between two specifications, A and B, that
holds when specification A makes requirements
which are all fulfilled by specification B (when B complies with A)."
Thanks,
Jishnu.
--
Jishnu Mukerji
Senior Systems Architect 1001 Frontier Road, Suite 300
Technology Office Bridgewater NJ 08807, USA
Management Software Organization Tel: +1 908 243 8924
Hewlett-Packard Company Fax: +1 908 243 8850
mailto: jishnu@hp.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]