| draft-ietf-opsec-efforts-07.txt | draft-ietf-opsec-efforts-08.txt | |||
|---|---|---|---|---|
| Network Working Group C. Lonvick | Network Working Group C. Lonvick | |||
| Internet-Draft D. Spak | Internet-Draft D. Spak | |||
| Expires: June 19, 2008 Cisco Systems | Expires: December 8, 2008 Cisco Systems | |||
| December 17, 2007 | June 6, 2008 | |||
| Security Best Practices Efforts and Documents | Security Best Practices Efforts and Documents | |||
| draft-ietf-opsec-efforts-07.txt | draft-ietf-opsec-efforts-08.txt | |||
| Status of this Memo | Status of this Memo | |||
| By submitting this Internet-Draft, each author represents that any | By submitting this Internet-Draft, each author represents that any | |||
| applicable patent or other IPR claims of which he or she is aware | applicable patent or other IPR claims of which he or she is aware | |||
| have been or will be disclosed, and any of which he or she becomes | have been or will be disclosed, and any of which he or she becomes | |||
| aware will be disclosed, in accordance with Section 6 of BCP 79. | aware will be disclosed, in accordance with Section 6 of BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
| skipping to change at page 1, line 34 | skipping to change at page 1, line 34 | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at | |||
| http://www.ietf.org/ietf/1id-abstracts.txt. | http://www.ietf.org/ietf/1id-abstracts.txt. | |||
| The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
| http://www.ietf.org/shadow.html. | http://www.ietf.org/shadow.html. | |||
| This Internet-Draft will expire on June 19, 2008. | This Internet-Draft will expire on December 8, 2008. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (C) The IETF Trust (2007). | Copyright (C) The IETF Trust (2008). | |||
| Abstract | Abstract | |||
| This document provides a snapshot of the current efforts to define or | This document provides a snapshot of the current efforts to define or | |||
| apply security requirements in various Standards Developing | apply security requirements in various Standards Developing | |||
| Organizations (SDO). | Organizations (SDO). | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 2. Format of this Document . . . . . . . . . . . . . . . . . . . 7 | 2. Format of this Document . . . . . . . . . . . . . . . . . . . 7 | |||
| 3. Online Security Glossaries . . . . . . . . . . . . . . . . . . 8 | 3. Online Security Glossaries . . . . . . . . . . . . . . . . . . 8 | |||
| 3.1. ATIS Telecom Glossary 2000 . . . . . . . . . . . . . . . . 8 | 3.1. ATIS Telecom Glossary 2000 . . . . . . . . . . . . . . . . 8 | |||
| 3.2. Internet Security Glossary - RFC 2828 . . . . . . . . . . 8 | 3.2. Internet Security Glossary - RFC 4949 . . . . . . . . . . 8 | |||
| 3.3. Compendium of Approved ITU-T Security Definitions . . . . 8 | 3.3. Compendium of Approved ITU-T Security Definitions . . . . 8 | |||
| 3.4. Microsoft Solutions for Security Glossary . . . . . . . . 9 | 3.4. Microsoft Solutions for Security Glossary . . . . . . . . 8 | |||
| 3.5. SANS Glossary of Security Terms . . . . . . . . . . . . . 9 | 3.5. SANS Glossary of Security Terms . . . . . . . . . . . . . 9 | |||
| 3.6. Security Taxonomy and Glossary - Anne & Lynn Wheeler . . . 9 | 3.6. Security Taxonomy and Glossary - Anne & Lynn Wheeler . . . 9 | |||
| 4. Standards Developing Organizations . . . . . . . . . . . . . . 10 | 4. Standards Developing Organizations . . . . . . . . . . . . . . 10 | |||
| 4.1. 3GPP - Third Generation Partnership Project . . . . . . . 10 | 4.1. 3GPP - Third Generation Partnership Project . . . . . . . 10 | |||
| 4.2. 3GPP2 - Third Generation Partnership Project 2 . . . . . . 10 | 4.2. 3GPP2 - Third Generation Partnership Project 2 . . . . . . 10 | |||
| 4.3. ANSI - The American National Standards Institute . . . . . 10 | 4.3. ANSI - The American National Standards Institute . . . . . 10 | |||
| 4.3.1. Accredited Standards Committee X9 (ASC X9) . . . . . . 10 | 4.3.1. Accredited Standards Committee X9 (ASC X9) . . . . . . 10 | |||
| 4.4. ATIS - Alliance for Telecommunications Industry | 4.4. ATIS - Alliance for Telecommunications Industry | |||
| Solutions . . . . . . . . . . . . . . . . . . . . . . . . 11 | Solutions . . . . . . . . . . . . . . . . . . . . . . . . 11 | |||
| 4.4.1. ATIS NIPP - Network Interface, Power, and | 4.4.1. ATIS NIPP - Network Interface, Power, and | |||
| skipping to change at page 4, line 20 | skipping to change at page 4, line 20 | |||
| 5.24. NRIC VI Focus Groups . . . . . . . . . . . . . . . . . . . 26 | 5.24. NRIC VI Focus Groups . . . . . . . . . . . . . . . . . . . 26 | |||
| 5.25. OASIS Security Joint Committee . . . . . . . . . . . . . . 26 | 5.25. OASIS Security Joint Committee . . . . . . . . . . . . . . 26 | |||
| 5.26. OASIS Security Services (SAML) TC . . . . . . . . . . . . 27 | 5.26. OASIS Security Services (SAML) TC . . . . . . . . . . . . 27 | |||
| 5.27. OIF Implementation Agreements . . . . . . . . . . . . . . 27 | 5.27. OIF Implementation Agreements . . . . . . . . . . . . . . 27 | |||
| 5.28. TIA . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 | 5.28. TIA . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 | |||
| 5.29. WS-I Basic Security Profile . . . . . . . . . . . . . . . 28 | 5.29. WS-I Basic Security Profile . . . . . . . . . . . . . . . 28 | |||
| 6. Security Considerations . . . . . . . . . . . . . . . . . . . 29 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 29 | |||
| 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 30 | 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 30 | |||
| 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 31 | 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 31 | |||
| 9. Changes from Prior Drafts . . . . . . . . . . . . . . . . . . 32 | 9. Changes from Prior Drafts . . . . . . . . . . . . . . . . . . 32 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 34 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 35 | |||
| Intellectual Property and Copyright Statements . . . . . . . . . . 35 | Intellectual Property and Copyright Statements . . . . . . . . . . 36 | |||
| 1. Introduction | 1. Introduction | |||
| The Internet is being recognized as a critical infrastructure similar | The Internet is being recognized as a critical infrastructure similar | |||
| in nature to the power grid and a potable water supply. Just like | in nature to the power grid and a potable water supply. Just like | |||
| those infrastructures, means are needed to provide resiliency and | those infrastructures, means are needed to provide resiliency and | |||
| adaptability to the Internet so that it remains consistently | adaptability to the Internet so that it remains consistently | |||
| available to the public throughout the world even during times of | available to the public throughout the world even during times of | |||
| duress or attack. For this reason, many SDOs are developing | duress or attack. For this reason, many SDOs are developing | |||
| standards with hopes of retaining an acceptable level, or even | standards with hopes of retaining an acceptable level, or even | |||
| skipping to change at page 8, line 21 | skipping to change at page 8, line 21 | |||
| http://www.atis.org/tg2k/ | http://www.atis.org/tg2k/ | |||
| Under an approved T1 standards project (T1A1-20), an existing 5800- | Under an approved T1 standards project (T1A1-20), an existing 5800- | |||
| entry, search-enabled hypertext telecommunications glossary titled | entry, search-enabled hypertext telecommunications glossary titled | |||
| Federal Standard 1037C, Glossary of Telecommunication Terms was | Federal Standard 1037C, Glossary of Telecommunication Terms was | |||
| updated and matured into this glossary, T1.523-2001, Telecom Glossary | updated and matured into this glossary, T1.523-2001, Telecom Glossary | |||
| 2000. This updated glossary was posted on the Web as an American | 2000. This updated glossary was posted on the Web as an American | |||
| National Standard (ANS). | National Standard (ANS). | |||
| 3.2. Internet Security Glossary - RFC 2828 | 3.2. Internet Security Glossary - RFC 4949 | |||
| http://www.ietf.org/rfc/rfc2828.txt | http://www.ietf.org/rfc/rfc4949.txt | |||
| Created in May 2000, the document defines itself to be, "an | This document was originally created as RFC 2828 in May 2000. It was | |||
| revised as RFC 4949 and the document defines itself to be, "an | ||||
| internally consistent, complementary set of abbreviations, | internally consistent, complementary set of abbreviations, | |||
| definitions, explanations, and recommendations for use of terminology | definitions, explanations, and recommendations for use of terminology | |||
| related to information system security." The glossary makes the | related to information system security." | |||
| distinction of the listed definitions throughout the document as | ||||
| being: | ||||
| o a recommended Internet definition | ||||
| o a recommended non-Internet definition | ||||
| o not recommended as the first choice for Internet documents but | ||||
| something that an author of an Internet document would need to | ||||
| know | ||||
| o a definition that shouldn't be used in Internet documents | ||||
| o additional commentary or usage guidance | ||||
| 3.3. Compendium of Approved ITU-T Security Definitions | 3.3. Compendium of Approved ITU-T Security Definitions | |||
| http://www.itu.int/itudoc/itu-t/com17/activity/def004.html | http://www.itu.int/itudoc/itu-t/com17/activity/def004.html | |||
| Addendum to the Compendium of the Approved ITU-T Security-related | Addendum to the Compendium of the Approved ITU-T Security-related | |||
| Definitions | Definitions | |||
| http://www.itu.int/itudoc/itu-t/com17/activity/add002.html | http://www.itu.int/itudoc/itu-t/com17/activity/add002.html | |||
| These extensive materials were created from approved ITU-T | These extensive materials were created from approved ITU-T | |||
| skipping to change at page 33, line 48 | skipping to change at page 33, line 48 | |||
| Updated the date. | Updated the date. | |||
| Removed the 2119 definitions; this is an informational document. | Removed the 2119 definitions; this is an informational document. | |||
| -06 : Sixth revision of the WG ID. | -06 : Sixth revision of the WG ID. | |||
| Updated the date. | Updated the date. | |||
| Added W3C information. | Added W3C information. | |||
| -07 : Seventh revision of the WG ID. | ||||
| Updated the date. | ||||
| -08 : Eighth revision of the WG ID. | ||||
| Updated the reference to RFC 4949, found by Stephen Kent. | ||||
| Note: This section will be removed before publication as an RFC. | Note: This section will be removed before publication as an RFC. | |||
| Authors' Addresses | Authors' Addresses | |||
| Chris Lonvick | Chris Lonvick | |||
| Cisco Systems | Cisco Systems | |||
| 12515 Research Blvd. | 12515 Research Blvd. | |||
| Austin, Texas 78759 | Austin, Texas 78759 | |||
| US | US | |||
| skipping to change at page 35, line 7 | skipping to change at page 36, line 7 | |||
| Cisco Systems | Cisco Systems | |||
| 12515 Research Blvd. | 12515 Research Blvd. | |||
| Austin, Texas 78759 | Austin, Texas 78759 | |||
| US | US | |||
| Phone: +1 512 378 1720 | Phone: +1 512 378 1720 | |||
| Email: dspak@cisco.com | Email: dspak@cisco.com | |||
| Full Copyright Statement | Full Copyright Statement | |||
| Copyright (C) The IETF Trust (2007). | Copyright (C) The IETF Trust (2008). | |||
| This document is subject to the rights, licenses and restrictions | This document is subject to the rights, licenses and restrictions | |||
| contained in BCP 78, and except as set forth therein, the authors | contained in BCP 78, and except as set forth therein, the authors | |||
| retain all their rights. | retain all their rights. | |||
| This document and the information contained herein are provided on an | This document and the information contained herein are provided on an | |||
| "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS | "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS | |||
| OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND | OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND | |||
| THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS | THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS | |||
| OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF | OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF | |||
| End of changes. 13 change blocks. | ||||
| 28 lines changed or deleted | 23 lines changed or added | |||
This html diff was produced by rfcdiff 1.35. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||