I2RS security Susan Hares (editor) And Discussion Team.

Slides:

Advertisements

Similar presentations

RBAC and HIPAA Security Uday O. Ali Pabrai, CHSS, SCNA Chief Executive, HIPAA Academy.

Advertisements

Open Extensible Proxy Services BOF Session 49th IETF, San Diego Chairs: Michael Condry, Hilarie Orman.

External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.

PKE PP Mike Henry Jean Petty Entrust CygnaCom Santosh Chokhani.

<<Date>><<SDLC Phase>>

Access Control Methodologies

IETF NEA WG (NEA = Network Endpoint Assessment) Chairs:Steve Hanna, Susan Thomson,

Securing Web Services Using Semantic Web Technologies Brian Shields PhD Candidate, Department of Information Technology, National University of Ireland,

A Heterogeneous Network Access Service based on PERMIS and SAML Gabriel López Millán University of Murcia EuroPKI Workshop 2005.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

1 Network Management and SNMP  What is Network Management?  ISO Network Management Model (FCAPS)  Network Management Architecture  SNMPv1 and SNMPv2.

July 2015IETF TRILL WG1 TRILL Working Group TRansparent Interconnection of Lots of Links Mailing list address: Tools site:

NEA Working Group IETF meeting Nov 17, 2011 IETF 82 - NEA Meeting1.

Exchange Network Node Help Desk NOLA Conference Feb 9-10, 2004.

1 HIT Policy Committee HIT Standards Committee Privacy and Security Workgroup: Status Report Dixie Baker, SAIC July 16, 2009.

Cosmos Security Feature Overview Product Planning Group Samsung IT Solutions Business 12 July 2010.

21-07-xxxx IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: MIH Protocol Security Date Submitted: December, 2007 Presented.

Survey of Identity Repository Security Models JSR 351, Sep 2012.

DICOM Security Lawrence Tarbox, Ph.D. Chair, WG 14 Mallinckrodt Institute of Radiology Washington University in St. Louis School of Medicine.

11/10/2003Pki4ipsec-nov03-agenda BOF Profiling Use of PKI in IPsec pki4ipsec Chairs: Gregory M Lebovitz Steve.

Update on the Internet Research Task Force Aaron Falk IRTF Chair IETF-72 – Dublin.

Draft-qi-i2nsf-access-network- usecase-00 Author: Minpeng Qi, Xiaojun Zhuang.

Web Application Security Presented by Ben Lake. How the Web Works Hypertext Transfer Protocol (HTTP)  Application-level  Stateless Example  Web Browser.

SWIM-SUIT Information Models & Services

Attribute Certificate By Ganesh Godavari. Talk About An Internet Attribute Certificate for Authorization -- RFC 3281.

Node and Flow Configuration (NFC) Node Mentoring Workshop 2/9/2004.

Security Overview  System protection requirements areas  Types of information protection  Information Architecture dimensions  Public Key Infrastructure.

IAB Report Technical Plenary IETF 81 July 25, 2011.

SACM Requirements Nancy Cam-Winget March 2014.

Digital Preservation Ontario Consortium of University Libraries (OCUL) Caitlin Tillman OCUL IR Chair With notes from Kathy Scardellato, OCUL Executive.

IETF63 - enum WG1 ENUM validation architecture & friends Alex Mayrhofer enum.at / 3.4.e164.arpa Bernie Höneisen SWITCH.

PAWS Protocol to Access White Space DB IETF 81 Gabor Bajko, Brian Rosen.

Authority To Citizen Alerts IETF 81 Quebec. Note: Note Well the Note Well Any submission to the IETF intended by the Contributor for publication as all.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

AADHAR TECHNOLOGY Gurneet Kaur, Nitin Mangal. What is Aadhar?  Unique Identification Number linked to a person’s demographic and biometric information.

Access Controls Henry Parks SSAC 2012 Presentation Outline Purpose of Access Controls Access Control Models –Mandatory –Nondiscretionary/Discretionary.

Interface to The Internet Routing System (IRS) draft-atlas-irs-problem-statement-00 draft-ward-irs-framework-00 Alia Atlas Thomas Nadeau David Ward IETF.

SIPPING WG Status IETF 56 The Chairs Gonzalo Camarillo, Rohan Mahy, Dean Willis.

Electronic Submission of Medical Documentation (esMD)

SIP file directory draft-garcia-sipping-file-sharing-framework-00.txt draft-garcia-sipping-file-event-package-00.txt draft-garcia-sipping-file-desc-pidf-00.txt.

1 Chapter 7 WEB Security. 2 Outline Web Security Considerations Secure Socket Layer (SSL) and Transport Layer Security (TLS) Secure Electronic Transaction.

NEA Working Group IETF meeting July 27, 2011 Jul 27, 2011IETF 81 - NEA Meeting1.

The Patient Choice Project Use Case Working Session February 5 th, 2016.

SIPPING Drafts Jonathan Rosenberg dynamicsoft. Conferencing Package Issues Only one – scope Depends on broader work in conferencing May include –Participant.

IEEE P Architecture Subcommittee Conference Call November 15, IEEE P Architecture Subcommittee.

Session-Independent Policies draft-ietf-sipping-session-indep-policy-00 Volker Hilt Gonzalo Camarillo

IEEE P Architecture Subcommittee Conference Call January 24, IEEE P Architecture Subcommittee.

22 feb What is Access Control? Access control is the heart of security Definitions: * The ability to allow only authorized users, programs or.

Interface to The Internet Routing System (IRS) Framework documents Joel Halpern IETF 84 – Routing Area Open Meeting 1.

CMGT 430 OUTLET Teaching Effectively/ FOR MORE CLASSES VISIT

IETF 86 i2rs 14 March Functional Analysis of I2RS: What Are We Putting in the Mixture? Alia Atlas IETF 86, Orlando, FL.

OSG VO Security Policies and Requirements Mine Altunay OSG Security Team July 2007.

UNIT 7 SEMINAR Unit 7 Chapter 9, plus Lab 13 Course Name – IT482 Network Design Instructor – David Roberts – Office Hours: Tuesday.

Doc.: IEEE /0103r0 Submission January 2004 Jesse Walker, Intel CorporationSlide 1 Some LB 62 Motions January 14, 2003.

Eclipse Foundation, Inc. Eclipse Open Healthcare Framework v1.0 Interoperability Terminology HL7 v2 / v3 DICOM Archetypes Health Records Capture Storage.

IEEE P Architecture Subcommittee

Lan Zhou, Vijay Varadharajan, and Michael Hitchens

Phil Hunt, Hannes Tschofenig

SECURING NETWORK TRAFFIC WITH IPSEC

Goals of soBGP Verify the origin of advertisements

Module 8: Securing Network Traffic by Using IPSec and Certificates

Maureen Stillman March 17, 2003

Security in ebXML Messaging

Maryna Komarova (ENST)

IETF Liaison Report March 2004 Dorothy Stanley – Agere Systems

Multi-party Authentication in Web Services

Charles Shen, Henning Schulzrinne, Arata Koike

Module 8: Securing Network Traffic by Using IPSec and Certificates

PAA-2-EP protocol PANA wg - IETF 58 Minneapolis

Presentation transcript:

I2RS security Susan Hares (editor) And Discussion Team

Discussion Team Editor: Sue Hares Co-authors on Architecture: Joel Halpern, Alia Atlas Chairs: Ed Crabbe Security folks: Ahmed Abro, Scott Brim, Nancy Cam-Winget, Eric Yu; Dacheng Zhang, Salman Asadullah, Wes George Information model people: Qin Wu, Sue Hares

Status Architecture draft has initial security issues covered, but misses confidentiality and mutual authentication Discussion Team A discussion team is trying to see if there are other security items needed in this doc. Preliminary outline: draft-hares-i2rs-security-arch-00.txt Joint outline based on work from co-authors and past drafts:draft-abroasadullah-i2rs-security-00.txt Meeting on Friday’s at 5pm ET/ 2pm PT/ 6am Sat (China)

Current status Leveraging security definitions from RFC4949 Investigating – Mutual authentication – Confidentiality – Role Based Security for I2RS Agent-Client interaction Not: Application-I2RS Client Not: I2RSAgent-Routing System Considering – Security requirements I2RS agent-client protocol – Impact of Security: Zero to full security – when/where/how/why

RFC4949 Access control (AC): (read, write, read + write) – Authorized use of resources by authorized entities (users, programs, processes) – Includes: Security policy + prevent unauthorized access, Identify who is authorized Role based AC: (RBAC) limits by role + identity Confidentiality – – data is not disclosed to system entities unless they have been authorized to know, and – data is not disclosed to unauthorized individuals, entities or processes. Mutual Authentication – Moving from mutually suspicious state to mutually authenticated by identify and verifying identity and role

Role-Based Access Control (RBAC) Role Assignments I2RS Identities Repository Q1: Does role by client lead to proliferation of clients? Q2: Grouping Tradeoff - # Functions/Role? Not in I2rs Role = Potential Read scope + Potential Write Scope I2RS Agent identities Mutual Authentication I2RS Agent Identity = OK ID I2RS Client Identity = OK ID I2RS client identities Identity Assignments

Environmental Issues Transport requirements – Implication on multi-stream model of I2RS – Impact on publishing broker or subscription to events Auditable Data Streams – Optional – Full stream or partial (Filtered audit/on Filtered events) – Use case draft: draft-clarke-i2rs-traceability-01 Privacy – Encryption: optional or mandatory Stacked I2RS agents i2rs client --- i2rs-agent/i2rs-client ---- i2rs agent

Next steps Discussion on list? Small group target to complete draft quickly – Goal: Quick feedback to Architecture document – Goal: 1 st Draft completed by 05/15/2015 – Discussion and adoption afterward – Send mail to if you want to join security