Long-term Archive Service Requirements draft-ietf-ltans-reqs-00.txt.

Slides:



Advertisements
Similar presentations
RP Designs Semi-Custom e-Commerce Package. Overview RP Designs semi- custom e-commerce package is a complete website solution. Visitors can browse a catalog.
Advertisements

Configuration management
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
M.Sc. Hrvoje Brzica Boris Herceg, MBA Financial Agency – FINA Ph.D. Hrvoje Stancic, assoc. prof. Faculty of Humanities and Social Sciences Long-term Preservation.
Opening Presentation of Notary Reqs 8/5/2004 Tobias Gondrom.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
1 Authentication Applications Digital Signatures Security Concerns X.509 Authentication Service Kerberos Based on slides by Dr. Lawrie Brown of the Australian.
PAWN: A Novel Ingestion Workflow Technology for Digital Preservation
CERTIFICATES “a document containing a certified statement, especially as to the truth of something ”
Homework #5 Solutions Brian A. LaMacchia Portions © , Brian A. LaMacchia. This material is provided without.
Trusted Archive Protocol (TAP) Carl Wallace
Archive Time-Stamps-Syntax Dr. Ulrich Pordesch
Configuring Active Directory Certificate Services Lesson 13.
Wolfgang Schneider NSI: A Client-Server-Model for PKI Services.
Part Two Network Security Applications Chapter 4 Key Distribution and User Authentication.
SWIS Digital Inspections Project (SWIS DIP) Chris Allen, Information Management Branch California Integrated Waste Management Board November 5, 2008 The.
Trust Anchor Management Problem Statement 69 th IETF Trust Anchor Management BOF Carl Wallace.
Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.
Registration Processing for the Wireless Internet Ian Gordon Director, Market Development Entrust Technologies.
General Key Management Guidance. Key Management Policy  Governs the lifecycle for the keying material  Hope to minimize additional required documentation.
DKIM Reporting Murray S. Kucherawy. The Problems to Solve Senders want to know when their brands are being violated –Mail being forged as coming from.
Shib-Grid Integrated Authorization (Shintau) George Inman (University of Kent) TF-EMC2 Meeting Prague, 5 th September 2007.
Network Security Lecture 26 Presented by: Dr. Munam Ali Shah.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
MASS / DKIM BOF IETF – Paris 4 Août 2005 dkim.org  mipassoc.org/mass IETF – Paris 4 Août 2005 dkim.org  mipassoc.org/mass MIPA.
Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.
Version Advanced User Training. Instructions This training module contains additional key concepts that are an extension to the concepts in the.
CERTIFICATES. What is a Digital Certificate? Electronic counterpart to a drive licenses or a passport. Enable individuals and organizations to secure.
Kerberos Named after a mythological three-headed dog that guards the underworld of Hades, Kerberos is a network authentication protocol that was designed.
Secure Messaging Workshop The Open Group Messaging Forum February 6, 2003.
1 NTTC/NTC ERO Training 2011 Tax Year 2007 ERO TRAINING ELECTRONIC RETURN ORIGINATOR (ERO) (Transmitter in Tax-Wise)
IETF - LTANS, March 2004P. Sylvester, Edelweb & A. Jerman Blazic, SETCCE Introduction The following slides were prepared as a result of analysis and discussion.
John A. Coates, P.E., Administrator Wastewater Compliance Evaluation Section, Office of Wastewater Management Florida Department of Environmental Protection.
Evidence Record Syntax <draft-ietf-ltans-ers-00.txt>
Digital Signatures, Message Digest and Authentication Week-9.
© 2003 The MITRE Corporation. All rights reserved For Internal MITRE Use Addressing ISO-RTO e-MARC Concerns: Clarifications and Ramifications Response.
Matej Bel University Cascaded signatures Ladislav Huraj Department of Computer Science Faculty of Natural Sciences Matthias Bel University Banska Bystrica.
Kerberos Guilin Wang School of Computer Science 03 Dec
OAIS Rathachai Chawuthai Information Management CSIM / AIT Issued document 1.0.
DIGITAL SIGNATURE.
Traditional Security Issues Confidentiality –Prevent unauthorized access or reading of information Integrity –Insure that writing or operations are allowed.
LTANS service and protocol Carl Wallace (on behalf of Peter Sylvester) 6 Aug 2004, 60th IETF, San Diego.
SWIS Digital Inspections Project Chris Allen, Information Management Branch California Integrated Waste Management Board August 22, 2008.
1 Kerberos – Private Key System Ahmad Ibrahim. History Cerberus, the hound of Hades, (Kerberos in Greek) Developed at MIT in the mid 1980s Available as.
Security fundamentals Topic 5 Using a Public Key Infrastructure.
Deck 10 Accounting Information Systems Romney and Steinbart Linda Batch March 2012.
Digitally Signed Records – Friend or Foe? Boris Herceg Hrvoje Brzica Financial Agency – FINA Hrvoje Stančić.
SACRED REQUIREMENTS DOCUMENT Stephen Farrell, Baltimore Alfred Arsenault, Diversinet.
© Copyright 2009 SSLPost 01. © Copyright 2009 SSLPost 02 a recipient is sent an encrypted that contains data specific to that recipient the data.
Long-term Archive Service Requirements November 9, 2004.
CABLING SYSTEM WARRANTY REGISTRATION. PURPOSE OF CABLING REGISTRATION.
1 Addendum FALL 2004 RFP Detailed Instructions for Bidder Registration and Proposal Submission ENTERGY SERVICES, INC. November 2004.
Fall 2006CS 395: Computer Security1 Key Management.
Building Preservation Environments with Data Grid Technology Reagan W. Moore Presenter: Praveen Namburi.
Dr. Nermi hamza.  A user may gain access to a particular workstation and pretend to be another user operating from that workstation.  A user may eavesdrop.
Prof. Reuven Aviv, Nov 2013 Public Key Infrastructure1 Prof. Reuven Aviv Tel Hai Academic College Department of Computer Science Public Key Infrastructure.
ELECTRONIC RETURN ORIGINATOR (ERO) (Transmitter in Tax-Wise)
OGF PGI – EDGI Security Use Case and Requirements
Trust Anchor Management Problem Statement
Cryptography and Network Security
LTAP protocol presentation
OGSA Data Architecture Scenarios
Pooja programmer,cse department
Homework #5 Solutions Brian A. LaMacchia
Presentation transcript:

Long-term Archive Service Requirements draft-ietf-ltans-reqs-00.txt

November th IETF - Minneapolis2 Current Draft Completed too late to submit to IETF in advance of the WG session –Posted to LTANS web site and link sent to the mailing list –Has been (briefly) discussed on mailing list Identifies the functional and technical requirements for a long-term archive service Authors: Carl Wallace, Ralf Brandner and Ulrich Pordesch

November th IETF - Minneapolis3 Topics Scenarios –How/when/why will service be used? Terminology Functional Requirements –What should service do? Data Structure Requirements –How will evidence be generated and represented? Protocol Requirements –How will interaction with service be performed?

November th IETF - Minneapolis4 Scenarios Long-term archive problems and tasks –Availability and integrity of data for long periods of time Birth certificates, tax documents, wills, etc. –Demonstration of proof of existence and integrity for court Prove existence of a document, prove integrity of criminal evidence, etc. –Preservation of evidence for signed or timestamped data Store material to facilitate future verification

November th IETF - Minneapolis5 Terminology Trusted Archiving: A process that includes storing data objects for long periods of time while preserving data integrity via periodic generation of timestamps and collection of evidence. Archived data object: Data unit that is archived and preserved by a Long-term Archive Service. Evidence: Information that may be used to resolve a dispute about various aspects of authenticity of archived data objects.

November th IETF - Minneapolis6 Terminology (continued) Evidence record: Collection of evidence compiled for one or more archived data objects over time. An evidence record may include timestamps and additional verification data such as certificates, revocation information, trust anchors, policy details, role information, etc. Archive package : Collection of information including archived data objects and the associated evidence record.

November th IETF - Minneapolis7 Functional Requirements - Accept data objects or groups of data objects for preservation; - Store submitted data objects for a given period of time; - Generate, store and maintain evidence records (i.e. by periodically obtaining timestamps) for data objects submitted for preservation; - Collect and store additional verification data necessary to verify evidence records, e.g. certificates, CRLs, trust anchors; - Provide archive packages containing archived data and/or evidence - Operate according to a long-term archive policy that, minimally, determines quality of time-stamps, conditions for renewal, etc; - Be able to provide archive packages even if the storage, software or processing technology changes during the lifetime of an archived data object; -Be able to provide an acknowledgement that a data object existed at a certain time, as an alternative, if user is not able to interpret the evidence record; -Necessity to stored access archived data should be minimized.

November th IETF - Minneapolis8 Functional Requirements (from mailing list discussion) -An archive service must not be able to insert data in a non- chronological way -An archive service must not be able to delete data from an archive without detection -An archive service should be able to provide service in a staged way, i.e. provide initial acknowledgements followed by final ones (client may obtain final acknowledgements by an asynchronous method, e.g. ) -It should be possible to use a broker-style service provider to relay requests to back-end service providers

November th IETF - Minneapolis9 Data Structure Requirements - It MUST be possible to include all timestamps necessary to verify the existence of the archived data objects. - It SHOULD be possible to include additional information for the verification of timestamps within the evidence record or the archived data object itself such as certificates and revocation information, the security suitability of applied algorithms and trust anchors. - The timestamp data structure SHOULD be defined in such a way that it is possible to provide evidence for many archived data objects in an efficient way. For example, it should be possible to archive a document file and a signature file together such that they get the same evidence record. - It SHOULD be possible to create timestamps without the need to access the archived data objects. The access to the archived data SHOULD only be necessary if the security suitability of employed hash algorithm is not sufficient.

November th IETF - Minneapolis10 Data Structure Requirements (continued) - Where groups of data objects are submitted, non-repudiation proof MUST still be available for each archived data object separately. - It SHOULD be possible to package all evidence along with the archived data objects in a single data item or to package evidence and archived data objects in separate items. - It SHOULD be possible to provide evidence for encrypted archived data objects and it SHOULD be possible to include information for the recovery of the archived data objects in unencrypted form (key, algorithm, etc.). - All hash algorithms applied to archived data over time SHOULD be identified in a single location to facilitate single pass verification. - The deletion of archived data objects MUST NOT put the provability of other archived data at risk.

November th IETF - Minneapolis11 Data Structure Requirements (from mailing list discussion) -Evidence structure must include a means of identifying the archive service. -Evidence structure must include a means of identifying the participating client. -It should be possible to use a variety of timestamp formats.

November th IETF - Minneapolis12 Protocol Requirements - The protocol MUST define interactions with a Long-term Archive Service including, at a minimum: submission of data or groups of data for preservation, retrieval of archive packages and deletion of archived data and associated evidence records. - The protocol MUST provide a response indicating successful submission or deletion of data. The acknowledgement of successful submission SHOULD permit a submitter to verify that the correct data was received by the service for preservation, e.g. the acknowledgement could include an index, a signature or a timestamp obtained for the archived data object. - The protocol MUST provide a response containing information, e.g. an index, to facilitate retrieval of the the archive package. It also should be possible to retrieve archive packages by using hash values of the archived data objects. - If a Long-term Archive Service does not support a client- requested long-term archive policy, the service MUST return an error.

November th IETF - Minneapolis13 Protocol Requirements (continued) - The protocol SHOULD provide means of associating submitted data objects with previously submitted data objects, i.e. to facilitate retrieval based on aggregation of objects over time. - The protocol SHOULD provide means for specifying a point in time at which an archived data object need no longer be preserved. It also should be possible to extend the archiving period. - The protocol SHOULD provide for the submission of evidence records previously generated by a different TAA. - The protocol SHOULD be as simple to use as possible. - The protocol SHOULD permit encryption of data before submission in such a way that there exists non-repudiation evidence for the unencrypted data. - The protocol MUST prevent replay attacks. - The protocol MUST include a means of indicating the long-term archive policy under which the service operates.

November th IETF - Minneapolis14 Protocol Requirements (from mailing list discussion) -A client (or other relying party) MUST be able to prove that a particular acknowledgement corresponds to a request made by the client, e.g. via a global identifier. -It MUST be possible to include metadata concerning the archived data, e.g. MIME type, file name, a short description, etc. -Protocol SHOULD include a “confirm existence” transaction, which may include a reference to another provider in the response. -Format for acknowledgements MUST include a means of identifying the archive service. -Format for acknowledgements MUST include a means of identifying the participating client.

November th IETF - Minneapolis15 Next Steps Incorporate additional requirements and respond to comments General clean-up and editing Add sections addressing operational and/or legal requirements? Submit updated version of current draft to IETF as -00 draft by the end of November

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.