OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Fwd: FW: [cti] Fwd: FIRST Information Exchange Policy Special Interest Group (IEP-SIG) - Call for Participation


Another policy framework initiative. 

This is both narrower in scope (only related to cyber incident reporting and management) and broader (policy for info access, but also things like permission to act on the shared info, which might stretch the capabilities of the Obligations concept) than XACML. 

I do think it expresses a requirement for the ability to enforce common policy (built on common semantics) across a pretty large community of interest. 

I don't know if this group (FIRST) has looked at XACML, etc. as a potential framework for their requirements. They are apparently on a very fast track, trying to get something to present this summer. Anyone have any knowledge of this effort? 

Martin






---------- Forwarded message ----------
From: Modlin, Julie K. <Julie.Modlin@jhuapl.edu>
Date: Thu, Apr 28, 2016 at 10:40 AM
Subject: FW: [cti] Fwd: FIRST Information Exchange Policy Special Interest Group (IEP-SIG) - Call for Participation
To: "Martin Smith (bfc.mclean@gmail.com)" <bfc.mclean@gmail.com>


Martin,

Based on a very cursory review of some comments on the XACML lists (Biggest gap in XACML?  Inability within the standard to exchange obligations between organizations for the post receipt handling of labeled information.), I thought you might be interested in this work by FIRST on an Information Exchange Policy (IEP) Framework.

Julie

 

From: cti@lists.oasis-open.org [mailto:cti@lists.oasis-open.org] On Behalf Of Terry MacDonald
Sent: Thursday, April 07, 2016 6:14 PM
To: cti@lists.oasis-open.org; cti-users@lists.oasis-open.org
Subject: [cti] Fwd: FIRST Information Exchange Policy Special Interest Group (IEP-SIG) - Call for Participation

 

Hi All,

 

The FIRST Information Exchange Policy Special Interest Group (IEP-SIG)  have very recently announced the FIRST IEP-SIG Call for Participation. The Information Exchange Policy is designed to help information producers specify how recipients have to handle the producers data, who they can share it with and what they are allowed to do with the producers data. It is designed to extend TLP in a useful way.

 

I have very high hopes for the IEP, and I think it would be excellent to use this within STIX as the data marking mechanism. The examples that have been provided are all in JSON, so it would work perfectly.

 

As mentioned below, anyone can participate in the IEP-SIG, including organizations who are not members of FIRST. If you would like to join the IEP-SIG then please email the FIRST Secretariat first-sec@first.org

 

Cheers

 

Terry MacDonald | Chief Product Officer

 

 

 

 

 

 

---------- Forwarded message ----------
From: Paul McKitrick <pmckit@microsoft.com>
Date: Fri, Apr 1, 2016 at 3:40 PM
Subject: FIRST Information Exchange Policy Special Interest Group (IEP-SIG) - Call for Participation
To: "first-teams@first.org" <first-teams@first.org>, "iep-sig@first.org" <iep-sig@first.org>
Cc: Steve Mancini <smancini@cylance.com>, Terry MacDonald <terry.macdonald@cosive.com>, Merike Kaeo <merike@fsi.io>, "Paul McKitrick (NZITF)" <paul@nzitf.org.nz>

Hi FIRST teams,

 

The FIRST Information Exchange Policy Special Interest Group (IEP-SIG) Co-Chairs are pleased to announce the FIRST IEP-SIG Call for Participation.

 

Anyone can participate in the IEP-SIG, including organizations who are not members of FIRST, and we would like a global representation and cross section of participants including National CERTs, incident responders, security vendors, community stewards, policy writers, and lawyers. If you would like to join the IEP-SIG then please email the FIRST Secretariat first-sec@first.org.

 

Please find the following documents attached:

·         The FIRST IEP-SIG Call for Participation - FIRST IEP-ISG Call for Participation.pdf

·         The proposed draft of the FIRST IEP Framework v1.0 - FIRST IEP Framework 1.0 (draft).pdf

·         A recent presentation by the IEP-SIG Co-Chairs that provides some background context to this problem space (please note that some affiliations have changed since the time of this presentation) - MSRA 2015 - Automating Information Exchange.pdf

We look forward to your participation and contributions to initiative over the coming months.

 

Regards,

Paul.

 

Paul McKitrick

Senior Security Strategist

Microsoft Security Response Center

 

Office:   +1 425 704 0338

Mobile:  +1 425 749 0811

pmckit@microsoft.com

MSFT_logo_small

 

 

 




--
Martin F Smith, Principal
BFC Consulting, LLC
McLean, Va 22102
703 506-0159
703 389-3224 mobile
---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that 
generates this mail.  Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php 

Attachment: MSRA 2015 - Automating Information Exchange.pdf
Description: Adobe PDF document

Attachment: FIRST IEP Framework 1.0 (draft).pdf
Description: Adobe PDF document

Attachment: FIRST IEP-SIG Call for Participation.pdf
Description: Adobe PDF document



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]