IETF - LTANS, March 2004. P. Sylvester, Edelweb & A. Jerman Blazic, SETCCE

Presentation transcript:

Introduction

The following slides were prepared as a result of analysis and discussion between the authors on technical and organizational issues of long-term archiving models, protocols and data structures.

Two general domains are discussed:
- E-archive infrastructure and operation
- E-archive data structures

The enclosed points should serve as starting points for a formal representation of e-archiving based on technical and legal requirements.

Infrastructure model

Several layers (1/2 and 3/4 may be combined in some way):
1. End user controlled interface into a work flow application
2. End user parametrisable security and protocol layer
3. Company internal relay/broker
4. Company outgoing backend clients
5. Backend service notarisation front a service
6. Backend storage services

Infrastructure protocols

Inter-layer protocol:
- Simple secure communication between 1/2 and 3/4; trust MAY be based on communication, not on signatures of responses; minimal trust base.
- 4/5: backend is a third party delivering attestations (strawman: DVCS/RFC 3029-like)
- 5/6: internal API or simple protocol (functions need to be defined)

Security

Security model of application (cf. BS 7799/ISO 17799)
- Both for client and service

Application/workflow has whatever it has for audit:
  Control
  Communication with a relay providing attestations of notarisations, including archival as one security measure.

ISO model

[Diagram labels: User Application Context Service Control Arch./Notary Service Control & Audit Sec. Mes. timestamp Archive service]

Two security measures:
- Archive service for the end client
- Time stamping for the service itself

Security model

Security model of archival services:
- Service is provided by operation 4/5
- Security measure is an integrity ensuring mechanism
- at least using time stamps.
- Questions:
  - What to time stamp: activity log and/or archived data.
  - Auditing techniques: may randomly validate attestations?

Service operation

Archival service operation classes (4/5):
- submit data and obtain attestation(s)
- validate authenticity of an attestation with or without returning the data.
  - result may be 'has been deleted before... according to request...'
  - verification may be simply 'signature validation' or 'checking attestation/data'

Service operation cont.

- transfer/deletion operation produces an attestation
  - attestation is kept as "integrity anchor" to replace deleted/transferred journal and archive entries.

Service operation cont.

Transport:
- similar to XKMS (forget about encodings at the moment)
- Asynchronous paradigm or at least multiple responses.
- Multiple mappings possible in the future
- Separation of secure transport and syntax/semantics of an "attestation" as much as possible.

Abstract protocol

Implemented by archive/notary service (central box on earlier diagram)
- Three types of messages:
  - Submission requests
  - Management requests
  - Responses
- All message types identify sender and recipient
- Should all message types provide replay protection or idempotence of operation?

Abstract protocol (continued)

Submission requests are used to:
- Convey groups of data objects and related information for archiving
  - Mechanisms for data submission will include
    - direct inclusion of data
    - specification of a URI where data can be found
    - specification of an index for data (i.e. for cases where data is already held by TAA)
  - For each data object
    - identify requested archive policy
    - specify archive period
    - specify metadata
    - provide indication of type of information that should be returned
- Transfer data and/or records from one provider to another

Abstract protocol (continued)

Management requests are used to:
- Retrieve archived data, metadata, evidence, etc.
- Initiate searches
- Initiate transfer of archive data and/or evidence
- Add/replace metadata, period, policy

Responses are used to:
- convey status information
- convey attestations, archived data, metadata, document ID, evidence, etc.

Issues

Questions:
- How/when does the archiver execute its integrity service?
- To what degree can the integrity info be communicated?
- To the clients (goal: get rid of signatures and keys)?

Answers

Possible solution:
- Client first asks for archival and gets a signed response (triggered by notification or after some time):
- Client has obtained a globally published hash and requests validation of the previous operation. Result is an attestation containing a hash chain.
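An added sketch of the second step on this slide (not from the original slides, and not the ERS or any LTANS wire format): the archive batches submitted objects into a SHA-256 hash tree, publishes the root, and returns a hash chain that the client checks against the published value using no key material. The function names, the 0x00/0x01 prefixes and the sample documents are assumptions.

```python
import hashlib

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf_hash(obj: bytes) -> bytes:
    return _h(b"\x00" + obj)  # assumed prefix: separates leaves from inner nodes

def node_hash(left: bytes, right: bytes) -> bytes:
    return _h(b"\x01" + left + right)

def build_levels(objects):
    """Archive side: hash tree levels, leaves first, root last."""
    level = [leaf_hash(o) for o in objects]
    levels = [level]
    while len(level) > 1:
        pairs = [level[i:i + 2] for i in range(0, len(level), 2)]
        # An unpaired last node is promoted unchanged to the next level.
        level = [node_hash(*p) if len(p) == 2 else p[0] for p in pairs]
        levels.append(level)
    return levels

def hash_chain(levels, index):
    """Archive side: (side, sibling hash) steps from leaf `index` to the root."""
    chain = []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib < len(level):  # no sibling when the node was promoted
            chain.append(("L" if sib < index else "R", level[sib]))
        index //= 2
    return chain

def verify(obj, chain, published_root):
    """Client side: recompute the root from the object and the chain."""
    acc = leaf_hash(obj)
    for side, sibling in chain:
        acc = node_hash(sibling, acc) if side == "L" else node_hash(acc, sibling)
    return acc == published_root

# Constructed sample submissions, not real archive data.
DOCS = [b"contract-001", b"invoice-017", b"minutes-03", b"policy-v2", b"audit-log-q1"]
LEVELS = build_levels(DOCS)
PUBLISHED_ROOT = LEVELS[-1][0]  # the value the archive would publish globally

if __name__ == "__main__":
    chain = hash_chain(LEVELS, 2)
    print(verify(DOCS[2], chain, PUBLISHED_ROOT))
    print(verify(b"minutes-03 (edited)", chain, PUBLISHED_ROOT))
```

The chain proves inclusion only relative to the published root, so the client's trust rests on obtaining that root through a channel the archive cannot silently rewrite.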

Data structures

Security aspect
- Data structures that are necessary to prove the existence and integrity of data archived for an unlimited period of time

Interaction aspect
- Formal data needed to evidence interactions with an archive (object successful submission, archived object validation result, etc.)

Data structures cont.

Validation aspect
- Data structures to evidence the existence and validity of applied security attributes (e.g. electronic signature) over object(s) over archival time

Operational aspect
- Data structures to index and manage archived objects (out of the scope of LTANS?) in a formal way

Security

ERS
- Structures for conservation purposes based on time relevant techniques
- Data formats and processing procedures for Time-Stamps in order to be able to verify and communicate archived data (and metadata) preserving evidence
- Related or unrelated? to used conservation techniques (e.g. time stamp, hash linking, etc.)

Interaction

Formal attestation
- Object submission
- Object existence
- Object deletion
- Validity of archived object (revision)

For attestation data existence and integrity also need to be provided for the archival period

Validation

Validation of security attributes
- Attestation of validity in time: proof of the existence and integrity of security attributes
- Self driven attestation
  - Self reference collection (on the basis of RFC3126), like OCSP response, CRL download, etc.: manage validation completely by end-user (client?)
- Authority driven attestation
  - Validity proof (formal attestation) by authority (based on DVCS interaction, or also OCSP is somehow considered as an authority driven approach): put the complete focus of trust on a third party authority

Operation

Object metadata
- Archiving related metadata
  - Creation place and date, author, etc.: a must have in legal constraints
- Managing related metadata
  - Out of the scope… (what is the correlation with METS-like standards)
- Presentation related data
  - Format transformation (obsolete format replacement by encapsulation procedures, transformation on the fly); formal and certified procedures; out of the scope or not??

Structure

[Diagram: Archive data structures. Labels: Object Metadata Security attributes Indexation data Validation data Conservation attributes Hash Tree - ERS Operation Metadata Single Time Stamp]

Questions

- To what extent do data structures have to be defined?
- How does the archive receive a "raw" object (e.g. object without metadata)?
- Is metadata (workflow, etc.) part of the archival process?
- How is transparency achieved through technology (e.g. how are data structures transferred through different underlying technology)?
- Does TAP (or other archiving related protocol) deal with procedures attestation?
- Where are attestations kept (securely)? Is this a part of the (meta)data structure?

General information

Authors
- Peter Sylvester, Edelweb
- Aleksej Jerman Blazic, SETCCE

Date
- March, 2004