Long-term Archive Service Requirements November 9, 2004.

Slides:

Advertisements

Similar presentations

Chapter 14 – Authentication Applications

Advertisements

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

OTP-ValidationService: Summary, Status, and Next Steps OTPS Workshop, February 2006.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E IEPG March 2000 APNIC Certificate Authority Status Report.

Practical Digital Signature Issues. Paving the way and new opportunities. Juan Carlos Cruellas – DSS-X co-chair Stefan Drees - DSS-X.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Functional component terminology - thoughts C. Tilton.

1 WebTrust for Certification Authorities (CAs) Overview October 2011 WebTrust for Certification Authorities (CAs) Overview October 2011 Presentation based.

Resource Certificate Profile Geoff Huston, George Michaelson, Rob Loomans APNIC IETF 67.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 4 Authentication Applications. Objectives: authentication functions developed to support application-level authentication & digital signatures.

PKI Artifact Retention March Purpose Current drafts are silent on how refreshed timestamp chains will be verified –i.e., from where will the various.

21 mai 2015 Bridges between Certification Authorities.

M.Sc. Hrvoje Brzica Boris Herceg, MBA Financial Agency – FINA Ph.D. Hrvoje Stancic, assoc. prof. Faculty of Humanities and Social Sciences Long-term Preservation.

United Nations University United Nations Development Programme UNU Atlas Implementation Project Atlas Briefing Sessions – Tokyo Mar 2009 Requisitions,

6/1/2015Ch.31 Defining Enterprise Architecture Bina Ramamurthy.

Resource PKI: Certificate Policy & Certification Practice Statement Dr. Stephen Kent Chief Scientist - Information Security.

IETF NEA WG (NEA = Network Endpoint Assessment) Chairs:Steve Hanna, Susan Thomson,

E-Procurement: Digital Signatures and Role of Certifying Authorities Jagdeep S. Kochar CEO, (n)Code Solutions.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E 36th RIPE Meeting Budapest 2000 APNIC Certificate Authority Status Report.

The Lumina Center Grantseeking Workshop Series Presents Outcomes & Evaluations April 20, 2006.

E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean

Homework #5 Solutions Brian A. LaMacchia Portions © , Brian A. LaMacchia. This material is provided without.

Trusted Archive Protocol (TAP) Carl Wallace

Long-term Archive Service Requirements draft-ietf-ltans-reqs-00.txt.

Pay As You Go – Associating Costs with Jini Leases By: Peer Hasselmeyer and Markus Schumacher Presented By: Nathan Balon.

OASIS OASIS Digital Signature Services Juan Carlos Cruellas Juan Carlos Cruellas Andreas Kuehne Stefan Drees Ernst Jan van Nigtevecht.

Trust Anchor Management Problem Statement 69 th IETF Trust Anchor Management BOF Carl Wallace.

Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.

Science Archives in the 21st Century 25/26 April Towards an International standard for Audit and Certification of Digital Repositories David Giaretta.

Digital Signatures and e-Identity. Getting the best out of DSS / DSS-X services. Andreas Kuehne – DSS-X member.

Using SCVP to Convey Evidence Records Carl Wallace Orion Security Solutions.

1. The applicant, as an alternative to submitting applications in the usual manner in the concerned office, can submit the application to a CHO i CE Agent.

Doc.: IEEE Submission March 2012 Jani Pellikka, Andrei Gurtov (University of Oulu)Slide 1 Project: IEEE P Working Group.

Public Key Infrastructure (X509 PKI) Presented by : Ali Fanian.

Knowledge Technologies March 2001 DataChannel, Inc Preserving Process Hyperlink-Based Workflow Representation W. Eliot Kimber, DataChannel, Inc.

HEPKI-PAG Policy Activities Group David L. Wasley University of California.

David L. Wasley Office of the President University of California Shibboleth Safe delivery of reliable authorization data David L. Wasley University of.

Secure Messaging Workshop The Open Group Messaging Forum February 6, 2003.

IETF - LTANS, March 2004P. Sylvester, Edelweb & A. Jerman Blazic, SETCCE Introduction The following slides were prepared as a result of analysis and discussion.

A Brief Overview of draft-ietf-sidr-cp-01.txt draft-ietf-sidr-cps-rirs-01.txt draft-ietf-sidr-cps-isp-00.txt Steve Kent BBN Technologies.

Public Key Infrastructure (X509 PKI) Presented by : Ali Fanian

Distribution and components. 2 What is the problem? Enterprise computing is Large scale & complex: It supports large scale and complex organisations Spanning.

Path Construction “It’s Easy!” Mark Davis. Current WP Scope u Applications that make use of public key certificates have to validate certificate paths.

Cryptography and Network Security Chapter 14 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

IETF67 DIME WG Towards the specification of a Diameter Resource Control Application Dong Sun IETF 67, San Diego, Nov 2006 draft-sun-dime-diameter-resource-control-requirements-00.txt.

21-07-xxxx IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: Command Service Date Submitted: Month, NN, 200x Presented at IEEE.

LTANS service and protocol Carl Wallace (on behalf of Peter Sylvester) 6 Aug 2004, 60th IETF, San Diego.

Security fundamentals Topic 5 Using a Public Key Infrastructure.

MuGM IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: Use of certificates as a base security level for securing PoS/MN multicast communication.

SunGuide SM Software Development Project End of the Year ITS Working Group Meeting December 7, 2005.

Long-term Archive and Notary Services (LTANS) Working Group Charter Review.

1 Public Key Infrastructure Rocky K. C. Chang 6 March 2007.

CACI Proprietary Information | Date 1 PD² v4.2 Increment 2 SR13 and FPDS Engine v3.5 Database Upgrade Name: Semarria Rosemond Title: Systems Analyst, Lead.

EAP WG EAP Key Management Framework Draft-ietf-eap-keying-05.txt Bernard Aboba Microsoft IETF 62, Minneapolis, MN.

1 IUCN GL GLPA Standard Framework Matthew Wenban-Smith (Technical Support to Green List PA Steering Group) 25 th February 2014.

Trusted CoordinationTAPAS Workshop, 25-26/09/031 Building Blocks for Trusted Coordination Nick Cook University of Newcastle.

Trust Anchor Management Problem Statement

Cryptography and Network Security

Authentication Applications

Distribution and components

Message Digest Cryptographic checksum One-way function Relevance

Homework #5 Solutions Brian A. LaMacchia

Resource Certificate Profile

Appropriate Access InCommon Identity Assurance Profiles

Presentation transcript:

Long-term Archive Service Requirements November 9, 2004

Current Status Last call for -02 generated much discussion Version -03 posted in October At least one more version will be released before Minneapolis meeting in March

Issues Mechanism neutrality Work flow Policy representation and enforcement Miscellaneous

Issue: Mechanism neutrality The current requirements document is (more or less) mechanism neutral –Should it remain so? –Several possible mechanisms have been discussed: refreshed signature-based timestamps, refreshed linking hash-based timestamps, multi-party control (e.g. n of m) Most list discussion focuses on cryptographic or PKI- based solutions to problem –Where should details related to these mechanisms be captured? –Is it likely that non-cryptographic mechanisms will be used for long-term signature preservation (and if so, are they the concern of this WG)?

Possible way forward: Mechanism neutrality Keep document mechanism neutral –Minimally to accommodate signature and linking hash based solutions Capture mechanism specific details in specification documents (e.g. ERS) –Focus mechanism-centric discussion towards protocol specifications

Issue: Work flow Are multi-stage acknowledgements required? –For example, initial acknowledgement indicating receipt of data by LTA, subsequent acknowledgement indicating verification of data (possibly after a grace period to catch revocation declaration) and final acknowledgement indicating storage and initiation of preservation activities. Seems like yes –In which case, refreshed timestamp-focused evidence records miss the mark –“Property bag” may be appropriated (of which one instance is a refreshed timestamp) Data certification evidence is another instance

Possible way forward: Work flow Add a requirement for multi-stage (or independent) acknowledgements –This also addresses retroactive revocation requirement Review ERS structure for support for this requirement Consider relationships between acknowledgements or attributes in LTA signature structure and whether there is a need for preserved and unpreserved properties –Unpreserved conveys information that changes over time (e.g. classification code) –Preserved conveys (signed?) information that requires additional safeguards (e.g. subject to future refresh operations)

Issue: Archive policy Policy discussions have been most detailed of recent list discussions –Highly mechanism specific –Address cryptographic policy aspects independent of mechanism? Policy requirements needed to drive specification of protocol interface –If policy is applied on transaction basis How detailed does policy processing need to be at validation time (i.e. policy chain processing)? –Do we need more than a “named set of rules”? –Does policy matter to relying party at verification time? –Should LTA be able to supply policy details for any time T during its lifetime?

Possible way forward: Archive policy Prepare Internet Draft focusing on components of archive policy –Framework (a la CP/CPS framework)? –Any volunteers? Identify components of archive policy –Client components and server components –Policy expressed on a per-document basis (as part of archive protocol?) and default policy

Miscellaneous Need to delineate operational modes, e.g. active vs. passive? Attestations related to placement at storage server? Data origin necessary?

Summary Aim for last call before Minneapolis Focus group discussion on specifications –ERS –Prepare draft WebDAV binding –Complete draft DVCS-like protocol