Due to certain key members needing to leave the conference early, it was necessary to
re-schedule a Security Forum members-only meeting in parallel with:
- the Real-time Security Group on Tuesday afternoon
- the Identity Management meeting, all day on Wednesday 5th Feb.
The Security Forum is monitoring the RTES Security Group's activities on protection
profiles, and regretted its inability to join them as planned.
The Security Forum is also an active participant in the Identity Management work, so
this unfortunate scheduling clash required members to choose which of the two
meetings to attend on the Wednesday, diluting Security Forum member involvement
in both meetings. In the end, however, only the work on RTES Security protection profiles
and on the Managers Guide to Data Privacy suffered directly from this dilution, because
the other Security Forum work was revisited on Thursday and Friday.
Review Protection Profiles for Real-Time Security
Due to a late change to the Security Forum agenda which forced a meeting scheduling
conflict, the Security Forum was unable to join with the Real-Time Security Group on the
Tuesday afternoon to engage in their meeting on their current draft restricted-kernel
Protection Profile. This profile had been made available before the Burlingame meeting to
Security Forum members, for their review in preparation for this meeting.
Security Forum members will review the report and revised deliverables resulting from
this RTES Security Group meeting, and will engage in joint future review activities as
appropriate.
Managers Guide to Identity/Authentication
Steve Mathews (Articsoft) is contributing this Guide. On Tuesday afternoon
(16.00-17.30) he presented his proposal for the structure and approach to writing it.
In his introduction slides, Steve described the
background and approach he has developed in discussion to date with Ian Dobson. The issues
surrounding authentication are about span of control and the ability to rely upon the
information on which you depend. The current PKI technology has been developed around the
concept of being able to authenticate the identity of entities (people, machines,
information). But PKI is not the only variant in town, although the name is well recognized
by security practitioners and is generally accepted by major suppliers. The objective of this
Guide is to bring out the main issues that will enable non-technical business managers to
understand what PKI and alternative solutions can (and cannot) deliver as business
benefits to their IT operations.
Steve plans to describe this using scenarios that show authentication, and then develop
from these the prime business purposes it serves, and how PKI can do it and the commonest
alternative ways to do what is needed. The scenarios he
proposes to use are:
- Accessing a computer
- Sending confidential e-mail or files
- Gaining access to a remote computer or network
- Protecting a file on a local computer
- Making an Internet purchase
- Approving an expense request
- Witnessing a contract
- PKI identity registration
- Other identity registration
Discussion brought out a variety of points, mainly on the meaning and implications of
Steve's diagrammatic scenarios. Overall, his approach and direction were endorsed by the
Security Forum members. Steve took away the feedback and will proceed with developing the
content of this Guide around these scenarios.
Managers Guide to Data Privacy
Steve Jenkins (NASA JPL) led a review of the latest draft (which he circulated on 18th
Dec 2002), with one of the original authors (Bob Blakley) present but without our
Security Guides series editor (Eliot Solomon). Edits were annotated into the draft text
viewed by all via the A/V meeting projector. Much of the discussion was spent considering
the desired content and coverage that should appear under the placeholder headings towards
the end of the existing draft, checking back to the existing content in the earlier
sections to ensure we maintain consistency in our approach.
Steve undertook to translate the marked-up annotation into text to produce a completed
draft of this guide, by the end of February. It will then be made available for review by
the Security Forum membership, with the objective of completing the final version for
publication by the end of March 2003.
Technical Guide to Security Design Patterns
The detailed edits to this document are held by Bob Blakley (IBM/Tivoli). Ian and Bob
agreed a meeting in the week beginning 17th February, when they will collate all these
detailed edits and assemble a complete draft for this technical guide. It will then be
presented for review by the Security Forum and our associated group of design patterns
experts.
Proposed New Security Forum Projects
In response to a discussion in the Security Forum steering committee on proposed new
projects that the Security Forum can undertake to raise our value proposition:
- Terry Blevins (CIO, The Open Group) and Eliot Solomon have encouraged all Forums to work
on Architectures for Boundaryless Information Flow - see the Plenary meeting report on
their presentation held on Tuesday AM.
- Steve Whitlock (Boeing) submitted several suggested work items that align with Ian
Dobson's call for project proposals that represent technical contributions towards solving
real IT security pain-points that IT-enabled businesses commonly share.
We held several discussions on the proposal to work on security architectures for
Boundaryless Information Flow, on Wednesday and Thursday, and these culminated in
agreement in a final meeting session on Friday to undertake a project on this. The report
is linked to the Security Forum's Friday AM meeting.
Steve Whitlock's new work proposals were discussed
in turn:
- PKI: Guide to Trust Models
A Guide to Trust Models - for business-2-business, non-prescriptive, listing the pros and
cons (including expectations, and the consequences of a party not fulfilling its
responsibilities) that have to be weighed when deciding what trust levels your business
needs, and giving usage examples. It should include bridge CAs, cross-certification, and
how SAML can contribute to the solution space. Discussion rated this as NYS (worth further
consideration).
- Middleware: SAML interoperability, & Web Services Security
Discussion concluded that the SAML specification leaves so little room for
mis-interpretation as to render interoperability test & certification/branding
unnecessary. However, an architectural/analytical guide to Web Services would have merit,
so was rated NYS (worth further consideration).
- Some Deliverable to help make Role Based Access Control a reality
There is a big gap between the theory (many publications, e.g. from NIST) and the real
world. This problem focuses on access control, which spans identity, role, and policy.
Roles can be administrative or operative (computed on the fly). It was suggested that use
of SAML is likely to lead to a richer solution because it would decompose the problem
space well. We could perhaps work on a model for roles and the choices that need to be
made. Overall rated as HDNYS (highly definitely worth further consideration).
- Perimeter Security outside the Desktop
The domain perimeter is becoming "soft", to the point where internal networks
need to be treated as insecure. This pain-point would address how to manage the security
for individual machines when the perimeter is outside the desktop. The ultimate solution
would seem to be to move security to the data. Discussion rated this as DNYS (definitely
worth further consideration).
- Baseline Security Standard: improve security level
Steve characterized this as an initiative to move the bar so that the overall level of
security for BSS-conformant systems is improved. He envisaged that for not too much effort
in revising our XBSS standard we could contribute significant new value. Part of the EU
privacy requirements depends on a secure environment, and a BSS-conformant system would
support and simplify security audits for insurance, etc. XBSS would need a significant
revision, to include networking, and a new elevator pitch, plus leveraging through the
ALPI. Ian Dobson proposed discussing this further with Nick Mansfield. Discussion rated this as
DNYS (definitely worth further consideration).
- Security for laptops
A Secure Configuration Guide, explaining how to secure a laptop for executives on the
move, with one log-in. It would need transparent encryption, and lock by absence (some
proximity device - Bluetooth?, Smart-Card). Discussion rated this as DNYS
(definitely worth further consideration).
It was agreed that the proposals that achieved *NYS status would be further reviewed
and discussed in teleconferences between this and the next meeting.
Agreement on the approach to writing our Managers Guide to Identity/Authentication;
feedback on the proposed scenarios; approval to proceed with writing the 1st draft in line
with the meeting comments on the approach and scenarios.
Agreement on the content of the complete Managers Guide to Data Privacy and on a
schedule to complete a draft for review.
Arrangements to collate the existing detailed edits on the Technical Guide to Security
Design Patterns, into a complete draft for formal review.
Agreement to further review Steve Whitlock's proposals for new projects, in
teleconferences between this and the next meeting.
Review Protection Profiles for Real-Time Security
Action: Security Forum members to review the report and revised deliverables resulting
from the Burlingame RTES Security Group meeting, and to engage in joint future review
activities as appropriate.
Managers Guide to Identity/Authentication
Action: Steve Mathews to take away the feedback from his presentation at this
Burlingame meeting and develop a 1st draft of this Guide, by end Feb'03.
Managers Guide to Data Privacy
Action: Steve Jenkins to produce a completed draft, by the end of February.
Action: Security Forum members to do formal review during 1st half of March'03.
Action: Ian Dobson to deliver final version for publication by end March'03.
Technical Guide to Security Design Patterns
Action: Bob Blakley will work with Ian Dobson to collate the numerous existing edits
already agreed on this document, and deliver a completed draft by end Feb'03.
Action: Security Forum to conduct formal review through early March'03.
Proposed New Security Forum Projects
Action: Security Forum to review Steve Whitlock's proposals for new projects in
preparation for discussion in teleconferences between this and the next meeting. See also
the link to the Security Forum's Friday AM meeting for action on security architectures
for boundaryless information flow.