draft-ietf-opsec-efforts-07.txt | draft-ietf-opsec-efforts-08.txt | |||
---|---|---|---|---|
Network Working Group C. Lonvick | Network Working Group C. Lonvick | |||
Internet-Draft D. Spak | Internet-Draft D. Spak | |||
Expires: June 19, 2008 Cisco Systems | Expires: December 8, 2008 Cisco Systems | |||
December 17, 2007 | June 6, 2008 | |||
Security Best Practices Efforts and Documents | Security Best Practices Efforts and Documents | |||
draft-ietf-opsec-efforts-07.txt | draft-ietf-opsec-efforts-08.txt | |||
Status of this Memo | Status of this Memo | |||
By submitting this Internet-Draft, each author represents that any | By submitting this Internet-Draft, each author represents that any | |||
applicable patent or other IPR claims of which he or she is aware | applicable patent or other IPR claims of which he or she is aware | |||
have been or will be disclosed, and any of which he or she becomes | have been or will be disclosed, and any of which he or she becomes | |||
aware will be disclosed, in accordance with Section 6 of BCP 79. | aware will be disclosed, in accordance with Section 6 of BCP 79. | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
skipping to change at page 1, line 34 | skipping to change at page 1, line 34 | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at | |||
http://www.ietf.org/ietf/1id-abstracts.txt. | http://www.ietf.org/ietf/1id-abstracts.txt. | |||
The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
http://www.ietf.org/shadow.html. | http://www.ietf.org/shadow.html. | |||
This Internet-Draft will expire on June 19, 2008. | This Internet-Draft will expire on December 8, 2008. | |||
Copyright Notice | Copyright Notice | |||
Copyright (C) The IETF Trust (2007). | Copyright (C) The IETF Trust (2008). | |||
Abstract | Abstract | |||
This document provides a snapshot of the current efforts to define or | This document provides a snapshot of the current efforts to define or | |||
apply security requirements in various Standards Developing | apply security requirements in various Standards Developing | |||
Organizations (SDO). | Organizations (SDO). | |||
Table of Contents | Table of Contents | |||
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
2. Format of this Document . . . . . . . . . . . . . . . . . . . 7 | 2. Format of this Document . . . . . . . . . . . . . . . . . . . 7 | |||
3. Online Security Glossaries . . . . . . . . . . . . . . . . . . 8 | 3. Online Security Glossaries . . . . . . . . . . . . . . . . . . 8 | |||
3.1. ATIS Telecom Glossary 2000 . . . . . . . . . . . . . . . . 8 | 3.1. ATIS Telecom Glossary 2000 . . . . . . . . . . . . . . . . 8 | |||
3.2. Internet Security Glossary - RFC 2828 . . . . . . . . . . 8 | 3.2. Internet Security Glossary - RFC 4949 . . . . . . . . . . 8 | |||
3.3. Compendium of Approved ITU-T Security Definitions . . . . 8 | 3.3. Compendium of Approved ITU-T Security Definitions . . . . 8 | |||
3.4. Microsoft Solutions for Security Glossary . . . . . . . . 9 | 3.4. Microsoft Solutions for Security Glossary . . . . . . . . 8 | |||
3.5. SANS Glossary of Security Terms . . . . . . . . . . . . . 9 | 3.5. SANS Glossary of Security Terms . . . . . . . . . . . . . 9 | |||
3.6. Security Taxonomy and Glossary - Anne & Lynn Wheeler . . . 9 | 3.6. Security Taxonomy and Glossary - Anne & Lynn Wheeler . . . 9 | |||
4. Standards Developing Organizations . . . . . . . . . . . . . . 10 | 4. Standards Developing Organizations . . . . . . . . . . . . . . 10 | |||
4.1. 3GPP - Third Generation Partnership Project . . . . . . . 10 | 4.1. 3GPP - Third Generation Partnership Project . . . . . . . 10 | |||
4.2. 3GPP2 - Third Generation Partnership Project 2 . . . . . . 10 | 4.2. 3GPP2 - Third Generation Partnership Project 2 . . . . . . 10 | |||
4.3. ANSI - The American National Standards Institute . . . . . 10 | 4.3. ANSI - The American National Standards Institute . . . . . 10 | |||
4.3.1. Accredited Standards Committee X9 (ASC X9) . . . . . . 10 | 4.3.1. Accredited Standards Committee X9 (ASC X9) . . . . . . 10 | |||
4.4. ATIS - Alliance for Telecommunications Industry | 4.4. ATIS - Alliance for Telecommunications Industry | |||
Solutions . . . . . . . . . . . . . . . . . . . . . . . . 11 | Solutions . . . . . . . . . . . . . . . . . . . . . . . . 11 | |||
4.4.1. ATIS NIPP - Network Interface, Power, and | 4.4.1. ATIS NIPP - Network Interface, Power, and | |||
skipping to change at page 4, line 20 | skipping to change at page 4, line 20 | |||
5.24. NRIC VI Focus Groups . . . . . . . . . . . . . . . . . . . 26 | 5.24. NRIC VI Focus Groups . . . . . . . . . . . . . . . . . . . 26 | |||
5.25. OASIS Security Joint Committee . . . . . . . . . . . . . . 26 | 5.25. OASIS Security Joint Committee . . . . . . . . . . . . . . 26 | |||
5.26. OASIS Security Services (SAML) TC . . . . . . . . . . . . 27 | 5.26. OASIS Security Services (SAML) TC . . . . . . . . . . . . 27 | |||
5.27. OIF Implementation Agreements . . . . . . . . . . . . . . 27 | 5.27. OIF Implementation Agreements . . . . . . . . . . . . . . 27 | |||
5.28. TIA . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 | 5.28. TIA . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 | |||
5.29. WS-I Basic Security Profile . . . . . . . . . . . . . . . 28 | 5.29. WS-I Basic Security Profile . . . . . . . . . . . . . . . 28 | |||
6. Security Considerations . . . . . . . . . . . . . . . . . . . 29 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 29 | |||
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 30 | 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 30 | |||
8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 31 | 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 31 | |||
9. Changes from Prior Drafts . . . . . . . . . . . . . . . . . . 32 | 9. Changes from Prior Drafts . . . . . . . . . . . . . . . . . . 32 | |||
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 34 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 35 | |||
Intellectual Property and Copyright Statements . . . . . . . . . . 35 | Intellectual Property and Copyright Statements . . . . . . . . . . 36 | |||
1. Introduction | 1. Introduction | |||
The Internet is being recognized as a critical infrastructure similar | The Internet is being recognized as a critical infrastructure similar | |||
in nature to the power grid and a potable water supply. Just like | in nature to the power grid and a potable water supply. Just like | |||
those infrastructures, means are needed to provide resiliency and | those infrastructures, means are needed to provide resiliency and | |||
adaptability to the Internet so that it remains consistently | adaptability to the Internet so that it remains consistently | |||
available to the public throughout the world even during times of | available to the public throughout the world even during times of | |||
duress or attack. For this reason, many SDOs are developing | duress or attack. For this reason, many SDOs are developing | |||
standards with hopes of retaining an acceptable level, or even | standards with hopes of retaining an acceptable level, or even | |||
skipping to change at page 8, line 21 | skipping to change at page 8, line 21 | |||
http://www.atis.org/tg2k/ | http://www.atis.org/tg2k/ | |||
Under an approved T1 standards project (T1A1-20), an existing 5800- | Under an approved T1 standards project (T1A1-20), an existing 5800- | |||
entry, search-enabled hypertext telecommunications glossary titled | entry, search-enabled hypertext telecommunications glossary titled | |||
Federal Standard 1037C, Glossary of Telecommunication Terms was | Federal Standard 1037C, Glossary of Telecommunication Terms was | |||
updated and matured into this glossary, T1.523-2001, Telecom Glossary | updated and matured into this glossary, T1.523-2001, Telecom Glossary | |||
2000. This updated glossary was posted on the Web as an American | 2000. This updated glossary was posted on the Web as an American | |||
National Standard (ANS). | National Standard (ANS). | |||
3.2. Internet Security Glossary - RFC 2828 | 3.2. Internet Security Glossary - RFC 4949 | |||
http://www.ietf.org/rfc/rfc2828.txt | http://www.ietf.org/rfc/rfc4949.txt | |||
Created in May 2000, the document defines itself to be, "an | This document was originally created as RFC 2828 in May 2000. It was | |||
revised as RFC 4949 and the document defines itself to be, "an | ||||
internally consistent, complementary set of abbreviations, | internally consistent, complementary set of abbreviations, | |||
definitions, explanations, and recommendations for use of terminology | definitions, explanations, and recommendations for use of terminology | |||
related to information system security." The glossary makes the | related to information system security." | |||
distinction of the listed definitions throughout the document as | ||||
being: | ||||
o a recommended Internet definition | ||||
o a recommended non-Internet definition | ||||
o not recommended as the first choice for Internet documents but | ||||
something that an author of an Internet document would need to | ||||
know | ||||
o a definition that shouldn't be used in Internet documents | ||||
o additional commentary or usage guidance | ||||
3.3. Compendium of Approved ITU-T Security Definitions | 3.3. Compendium of Approved ITU-T Security Definitions | |||
http://www.itu.int/itudoc/itu-t/com17/activity/def004.html | http://www.itu.int/itudoc/itu-t/com17/activity/def004.html | |||
Addendum to the Compendium of the Approved ITU-T Security-related | Addendum to the Compendium of the Approved ITU-T Security-related | |||
Definitions | Definitions | |||
http://www.itu.int/itudoc/itu-t/com17/activity/add002.html | http://www.itu.int/itudoc/itu-t/com17/activity/add002.html | |||
These extensive materials were created from approved ITU-T | These extensive materials were created from approved ITU-T | |||
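Review bot: In section 3.2 the quoted self-description ("an internally consistent, complementary set of abbreviations, definitions, explanations, and recommendations ...") is carried over word for word from the text that described RFC 2828, while the new lead-in attributes it to the document as revised in RFC 4949. Please check the quotation against RFC 4949 and adjust it if the wording differs. The new lead-in also dates RFC 2828 (May 2000) but gives no date for RFC 4949. The five-item list of how the glossary marks its definitions is dropped with no replacement, so either state that it no longer applies or restore an updated version.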
skipping to change at page 33, line 48 | skipping to change at page 33, line 48 | |||
Updated the date. | Updated the date. | |||
Removed the 2119 definitions; this is an informational document. | Removed the 2119 definitions; this is an informational document. | |||
-06 : Sixth revision of the WG ID. | -06 : Sixth revision of the WG ID. | |||
Updated the date. | Updated the date. | |||
Added W3C information. | Added W3C information. | |||
-07 : Seventh revision of the WG ID. | ||||
Updated the date. | ||||
-08 : Eighth revision of the WG ID. | ||||
Updated the reference to RFC 4949, found by Stephen Kent. | ||||
Note: This section will be removed before publication as an RFC. | Note: This section will be removed before publication as an RFC. | |||
Authors' Addresses | Authors' Addresses | |||
Chris Lonvick | Chris Lonvick | |||
Cisco Systems | Cisco Systems | |||
12515 Research Blvd. | 12515 Research Blvd. | |||
Austin, Texas 78759 | Austin, Texas 78759 | |||
US | US | |||
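Review bot: The -08 changelog entry records only "Updated the reference to RFC 4949", but this revision also changes the document date (the visible earlier entries each list "Updated the date.") and removes the list of definition categories from section 3.2. Add both items to the -08 entry so the change log matches what the diff shows.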
skipping to change at page 35, line 7 | skipping to change at page 36, line 7 | |||
Cisco Systems | Cisco Systems | |||
12515 Research Blvd. | 12515 Research Blvd. | |||
Austin, Texas 78759 | Austin, Texas 78759 | |||
US | US | |||
Phone: +1 512 378 1720 | Phone: +1 512 378 1720 | |||
Email: dspak@cisco.com | Email: dspak@cisco.com | |||
Full Copyright Statement | Full Copyright Statement | |||
Copyright (C) The IETF Trust (2007). | Copyright (C) The IETF Trust (2008). | |||
This document is subject to the rights, licenses and restrictions | This document is subject to the rights, licenses and restrictions | |||
contained in BCP 78, and except as set forth therein, the authors | contained in BCP 78, and except as set forth therein, the authors | |||
retain all their rights. | retain all their rights. | |||
This document and the information contained herein are provided on an | This document and the information contained herein are provided on an | |||
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS | "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS | |||
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND | OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND | |||
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS | THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS | |||
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF | OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF | |||
End of changes. 13 change blocks. | ||||
28 lines changed or deleted | 23 lines changed or added | |||
This html diff was produced by rfcdiff 1.35. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |