draft-ietf-opsec-efforts-07.txt   draft-ietf-opsec-efforts-08.txt 
Network Working Group C. Lonvick Network Working Group C. Lonvick
Internet-Draft D. Spak Internet-Draft D. Spak
Expires: June 19, 2008 Cisco Systems Expires: December 8, 2008 Cisco Systems
December 17, 2007 June 6, 2008
Security Best Practices Efforts and Documents Security Best Practices Efforts and Documents
draft-ietf-opsec-efforts-07.txt draft-ietf-opsec-efforts-08.txt
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 34 skipping to change at page 1, line 34
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on June 19, 2008. This Internet-Draft will expire on December 8, 2008.
Copyright Notice Copyright Notice
Copyright (C) The IETF Trust (2007). Copyright (C) The IETF Trust (2008).
Abstract Abstract
This document provides a snapshot of the current efforts to define or This document provides a snapshot of the current efforts to define or
apply security requirements in various Standards Developing apply security requirements in various Standards Developing
Organizations (SDO). Organizations (SDO).
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5
2. Format of this Document . . . . . . . . . . . . . . . . . . . 7 2. Format of this Document . . . . . . . . . . . . . . . . . . . 7
3. Online Security Glossaries . . . . . . . . . . . . . . . . . . 8 3. Online Security Glossaries . . . . . . . . . . . . . . . . . . 8
3.1. ATIS Telecom Glossary 2000 . . . . . . . . . . . . . . . . 8 3.1. ATIS Telecom Glossary 2000 . . . . . . . . . . . . . . . . 8
3.2. Internet Security Glossary - RFC 2828 . . . . . . . . . . 8 3.2. Internet Security Glossary - RFC 4949 . . . . . . . . . . 8
3.3. Compendium of Approved ITU-T Security Definitions . . . . 8 3.3. Compendium of Approved ITU-T Security Definitions . . . . 8
3.4. Microsoft Solutions for Security Glossary . . . . . . . . 9 3.4. Microsoft Solutions for Security Glossary . . . . . . . . 8
3.5. SANS Glossary of Security Terms . . . . . . . . . . . . . 9 3.5. SANS Glossary of Security Terms . . . . . . . . . . . . . 9
3.6. Security Taxonomy and Glossary - Anne & Lynn Wheeler . . . 9 3.6. Security Taxonomy and Glossary - Anne & Lynn Wheeler . . . 9
4. Standards Developing Organizations . . . . . . . . . . . . . . 10 4. Standards Developing Organizations . . . . . . . . . . . . . . 10
4.1. 3GPP - Third Generation Partnership Project . . . . . . . 10 4.1. 3GPP - Third Generation Partnership Project . . . . . . . 10
4.2. 3GPP2 - Third Generation Partnership Project 2 . . . . . . 10 4.2. 3GPP2 - Third Generation Partnership Project 2 . . . . . . 10
4.3. ANSI - The American National Standards Institute . . . . . 10 4.3. ANSI - The American National Standards Institute . . . . . 10
4.3.1. Accredited Standards Committee X9 (ASC X9) . . . . . . 10 4.3.1. Accredited Standards Committee X9 (ASC X9) . . . . . . 10
4.4. ATIS - Alliance for Telecommunications Industry 4.4. ATIS - Alliance for Telecommunications Industry
Solutions . . . . . . . . . . . . . . . . . . . . . . . . 11 Solutions . . . . . . . . . . . . . . . . . . . . . . . . 11
4.4.1. ATIS NIPP - Network Interface, Power, and 4.4.1. ATIS NIPP - Network Interface, Power, and
skipping to change at page 4, line 20 skipping to change at page 4, line 20
5.24. NRIC VI Focus Groups . . . . . . . . . . . . . . . . . . . 26 5.24. NRIC VI Focus Groups . . . . . . . . . . . . . . . . . . . 26
5.25. OASIS Security Joint Committee . . . . . . . . . . . . . . 26 5.25. OASIS Security Joint Committee . . . . . . . . . . . . . . 26
5.26. OASIS Security Services (SAML) TC . . . . . . . . . . . . 27 5.26. OASIS Security Services (SAML) TC . . . . . . . . . . . . 27
5.27. OIF Implementation Agreements . . . . . . . . . . . . . . 27 5.27. OIF Implementation Agreements . . . . . . . . . . . . . . 27
5.28. TIA . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 5.28. TIA . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
5.29. WS-I Basic Security Profile . . . . . . . . . . . . . . . 28 5.29. WS-I Basic Security Profile . . . . . . . . . . . . . . . 28
6. Security Considerations . . . . . . . . . . . . . . . . . . . 29 6. Security Considerations . . . . . . . . . . . . . . . . . . . 29
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 30 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 30
8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 31 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 31
9. Changes from Prior Drafts . . . . . . . . . . . . . . . . . . 32 9. Changes from Prior Drafts . . . . . . . . . . . . . . . . . . 32
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 34 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 35
Intellectual Property and Copyright Statements . . . . . . . . . . 35 Intellectual Property and Copyright Statements . . . . . . . . . . 36
1. Introduction 1. Introduction
The Internet is being recognized as a critical infrastructure similar The Internet is being recognized as a critical infrastructure similar
in nature to the power grid and a potable water supply. Just like in nature to the power grid and a potable water supply. Just like
those infrastructures, means are needed to provide resiliency and those infrastructures, means are needed to provide resiliency and
adaptability to the Internet so that it remains consistently adaptability to the Internet so that it remains consistently
available to the public throughout the world even during times of available to the public throughout the world even during times of
duress or attack. For this reason, many SDOs are developing duress or attack. For this reason, many SDOs are developing
standards with hopes of retaining an acceptable level, or even standards with hopes of retaining an acceptable level, or even
skipping to change at page 8, line 21 skipping to change at page 8, line 21
http://www.atis.org/tg2k/ http://www.atis.org/tg2k/
Under an approved T1 standards project (T1A1-20), an existing 5800- Under an approved T1 standards project (T1A1-20), an existing 5800-
entry, search-enabled hypertext telecommunications glossary titled entry, search-enabled hypertext telecommunications glossary titled
Federal Standard 1037C, Glossary of Telecommunication Terms was Federal Standard 1037C, Glossary of Telecommunication Terms was
updated and matured into this glossary, T1.523-2001, Telecom Glossary updated and matured into this glossary, T1.523-2001, Telecom Glossary
2000. This updated glossary was posted on the Web as an American 2000. This updated glossary was posted on the Web as an American
National Standard (ANS). National Standard (ANS).
3.2. Internet Security Glossary - RFC 2828 3.2. Internet Security Glossary - RFC 4949
http://www.ietf.org/rfc/rfc2828.txt http://www.ietf.org/rfc/rfc4949.txt
Created in May 2000, the document defines itself to be, "an This document was originally created as RFC 2828 in May 2000. It was
revised as RFC 4949 and the document defines itself to be, "an
internally consistent, complementary set of abbreviations, internally consistent, complementary set of abbreviations,
definitions, explanations, and recommendations for use of terminology definitions, explanations, and recommendations for use of terminology
related to information system security." The glossary makes the related to information system security."
distinction of the listed definitions throughout the document as
being:
o a recommended Internet definition
o a recommended non-Internet definition
o not recommended as the first choice for Internet documents but
something that an author of an Internet document would need to
know
o a definition that shouldn't be used in Internet documents
o additional commentary or usage guidance
3.3. Compendium of Approved ITU-T Security Definitions 3.3. Compendium of Approved ITU-T Security Definitions
http://www.itu.int/itudoc/itu-t/com17/activity/def004.html http://www.itu.int/itudoc/itu-t/com17/activity/def004.html
Addendum to the Compendium of the Approved ITU-T Security-related Addendum to the Compendium of the Approved ITU-T Security-related
Definitions Definitions
http://www.itu.int/itudoc/itu-t/com17/activity/add002.html http://www.itu.int/itudoc/itu-t/com17/activity/add002.html
These extensive materials were created from approved ITU-T These extensive materials were created from approved ITU-T
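Review bot: In the revised opening of Section 3.2, "the document defines itself to be" no longer has a clear referent, because the sentence now names both RFC 2828 and RFC 4949 and only RFC 2828 is given a date (May 2000). Suggest stating which RFC the quoted self-description is taken from and confirming that the quotation still matches that text. The -08 side also drops the sentence introducing the kinds of definition and the whole five-item bullet list; if the list no longer describes the revised glossary, record that in Section 9, otherwise keep it.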
skipping to change at page 33, line 48 skipping to change at page 33, line 48
Updated the date. Updated the date.
Removed the 2119 definitions; this is an informational document. Removed the 2119 definitions; this is an informational document.
-06 : Sixth revision of the WG ID. -06 : Sixth revision of the WG ID.
Updated the date. Updated the date.
Added W3C information. Added W3C information.
-07 : Seventh revision of the WG ID.
Updated the date.
-08 : Eighth revision of the WG ID.
Updated the reference to RFC 4949, found by Stephen Kent.
Note: This section will be removed before publication as an RFC. Note: This section will be removed before publication as an RFC.
Authors' Addresses Authors' Addresses
Chris Lonvick Chris Lonvick
Cisco Systems Cisco Systems
12515 Research Blvd. 12515 Research Blvd.
Austin, Texas 78759 Austin, Texas 78759
US US
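Review bot: The -08 changelog entry records only the RFC 4949 reference update, but this revision also removes the list of definition categories from Section 3.2 and changes the draft date, expiry date and copyright year. The -06 and -07 entries each carry "Updated the date."; add that line to -08 for consistency and mention the removed list so the entry covers everything that changed.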
skipping to change at page 35, line 7 skipping to change at page 36, line 7
Cisco Systems Cisco Systems
12515 Research Blvd. 12515 Research Blvd.
Austin, Texas 78759 Austin, Texas 78759
US US
Phone: +1 512 378 1720 Phone: +1 512 378 1720
Email: dspak@cisco.com Email: dspak@cisco.com
Full Copyright Statement Full Copyright Statement
Copyright (C) The IETF Trust (2007). Copyright (C) The IETF Trust (2008).
This document is subject to the rights, licenses and restrictions This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors contained in BCP 78, and except as set forth therein, the authors
retain all their rights. retain all their rights.
This document and the information contained herein are provided on an This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
 End of changes. 13 change blocks. 
28 lines changed or deleted 23 lines changed or added
