draft-ietf-opsec-efforts-09.txt | draft-ietf-opsec-efforts-10.txt | |||
---|---|---|---|---|
Network Working Group C. Lonvick | Network Working Group C. Lonvick | |||
Internet-Draft D. Spak | Internet-Draft D. Spak | |||
Expires: June 14, 2009 Cisco Systems | Expires: October 15, 2009 Cisco Systems | |||
December 11, 2008 | April 13, 2009 | |||
Security Best Practices Efforts and Documents | Security Best Practices Efforts and Documents | |||
draft-ietf-opsec-efforts-09.txt | draft-ietf-opsec-efforts-10.txt | |||
Status of this Memo | Status of this Memo | |||
By submitting this Internet-Draft, each author represents that any | This Internet-Draft is submitted to IETF in full conformance with the | |||
applicable patent or other IPR claims of which he or she is aware | provisions of BCP 78 and BCP 79. | |||
have been or will be disclosed, and any of which he or she becomes | ||||
aware will be disclosed, in accordance with Section 6 of BCP 79. | ||||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
other groups may also distribute working documents as Internet- | other groups may also distribute working documents as Internet- | |||
Drafts. | Drafts. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at | |||
http://www.ietf.org/ietf/1id-abstracts.txt. | http://www.ietf.org/ietf/1id-abstracts.txt. | |||
The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
http://www.ietf.org/shadow.html. | http://www.ietf.org/shadow.html. | |||
This Internet-Draft will expire on June 14, 2009. | This Internet-Draft will expire on October 15, 2009. | |||
Copyright Notice | ||||
Copyright (c) 2009 IETF Trust and the persons identified as the | ||||
document authors. All rights reserved. | ||||
This document is subject to BCP 78 and the IETF Trust's Legal | ||||
Provisions Relating to IETF Documents in effect on the date of | ||||
publication of this document (http://trustee.ietf.org/license-info). | ||||
Please review these documents carefully, as they describe your rights | ||||
and restrictions with respect to this document. | ||||
Abstract | Abstract | |||
This document provides a snapshot of the current efforts to define or | This document provides a snapshot of the current efforts to define or | |||
apply security requirements in various Standards Developing | apply security requirements in various Standards Developing | |||
Organizations (SDO). | Organizations (SDO). | |||
Table of Contents | Table of Contents | |||
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5 | |||
skipping to change at page 4, line 16 | skipping to change at page 4, line 16 | |||
5.21. Catalogue of ITU-T Recommendations related to | 5.21. Catalogue of ITU-T Recommendations related to | |||
Communications System Security . . . . . . . . . . . . . . 25 | Communications System Security . . . . . . . . . . . . . . 25 | |||
5.22. ITU-T Security Manual . . . . . . . . . . . . . . . . . . 25 | 5.22. ITU-T Security Manual . . . . . . . . . . . . . . . . . . 25 | |||
5.23. ITU-T NGN Effort . . . . . . . . . . . . . . . . . . . . . 26 | 5.23. ITU-T NGN Effort . . . . . . . . . . . . . . . . . . . . . 26 | |||
5.24. NRIC VI Focus Groups . . . . . . . . . . . . . . . . . . . 26 | 5.24. NRIC VI Focus Groups . . . . . . . . . . . . . . . . . . . 26 | |||
5.25. OASIS Security Joint Committee . . . . . . . . . . . . . . 26 | 5.25. OASIS Security Joint Committee . . . . . . . . . . . . . . 26 | |||
5.26. OASIS Security Services (SAML) TC . . . . . . . . . . . . 27 | 5.26. OASIS Security Services (SAML) TC . . . . . . . . . . . . 27 | |||
5.27. OIF Implementation Agreements . . . . . . . . . . . . . . 27 | 5.27. OIF Implementation Agreements . . . . . . . . . . . . . . 27 | |||
5.28. TIA . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 | 5.28. TIA . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 | |||
5.29. WS-I Basic Security Profile . . . . . . . . . . . . . . . 28 | 5.29. WS-I Basic Security Profile . . . . . . . . . . . . . . . 28 | |||
5.30. NIST Special Publications (800 Series) . . . . . . . . . . 28 | ||||
5.31. NIST Interagency or Internal Reports (NISTIRs) . . . . . . 28 | ||||
5.32. NIST ITL Security Bulletins . . . . . . . . . . . . . . . 28 | ||||
6. Security Considerations . . . . . . . . . . . . . . . . . . . 29 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 29 | |||
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 30 | 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 30 | |||
8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 31 | 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 31 | |||
9. Changes from Prior Drafts . . . . . . . . . . . . . . . . . . 32 | 9. Changes from Prior Drafts . . . . . . . . . . . . . . . . . . 32 | |||
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 35 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 35 | |||
Intellectual Property and Copyright Statements . . . . . . . . . . 36 | ||||
1. Introduction | 1. Introduction | |||
The Internet is being recognized as a critical infrastructure similar | The Internet is being recognized as a critical infrastructure similar | |||
in nature to the power grid and a potable water supply. Just like | in nature to the power grid and a potable water supply. Just like | |||
those infrastructures, means are needed to provide resiliency and | those infrastructures, means are needed to provide resiliency and | |||
adaptability to the Internet so that it remains consistently | adaptability to the Internet so that it remains consistently | |||
available to the public throughout the world even during times of | available to the public throughout the world even during times of | |||
duress or attack. For this reason, many SDOs are developing | duress or attack. For this reason, many SDOs are developing | |||
standards with hopes of retaining an acceptable level, or even | standards with hopes of retaining an acceptable level, or even | |||
skipping to change at page 29, line 5 | skipping to change at page 28, line 14 | |||
5.29. WS-I Basic Security Profile | 5.29. WS-I Basic Security Profile | |||
http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html | http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html | |||
The WS-I Basic Security Profile 1.0 consists of a set of non- | The WS-I Basic Security Profile 1.0 consists of a set of non- | |||
proprietary Web services specifications, along with clarifications | proprietary Web services specifications, along with clarifications | |||
and amendments to those specifications which promote | and amendments to those specifications which promote | |||
interoperability. | interoperability. | |||
5.30. NIST Special Publications (800 Series) | ||||
http://csrc.nist.gov/publications/PubsSPs.html | ||||
Special Publications in the 800 series present documents of general | ||||
interest to the computer security community. The Special Publication | ||||
800 series was established in 1990 to provide a separate identity for | ||||
information technology security publications. This Special | ||||
Publication 800 series reports on ITL's research, guidelines, and | ||||
outreach efforts in computer security, and its collaborative | ||||
activities with industry, government, and academic organizations. | ||||
5.31. NIST Interagency or Internal Reports (NISTIRs) | ||||
http://csrc.nist.gov/publications/PubsNISTIRs.html | ||||
NIST Interagency or Internal Reports (NISTIRs) describe research of a | ||||
technical nature of interest to a specialized audience. The series | ||||
includes interim or final reports on work performed by NIST for | ||||
outside sponsors (both government and nongovernment). NISTIRs may | ||||
also report results of NIST projects of transitory or limited | ||||
interest, including those that will be published subsequently in more | ||||
comprehensive form. | ||||
5.32. NIST ITL Security Bulletins | ||||
http://csrc.nist.gov/publications/PubsITLSB.html | ||||
ITL Bulletins are published by NIST's Information Technology | ||||
Laboratory, with most bulletins written by the Computer Security | ||||
Division. These bulletins are published on the average of six times | ||||
a year. Each bulletin presents an in-depth discussion of a single | ||||
topic of significant interest to the information systems community. | ||||
Not all of ITL Bulletins that are published relate to computer / | ||||
network security. Only the computer security ITL Bulletins are found | ||||
here. | ||||
6. Security Considerations | 6. Security Considerations | |||
This document describes efforts to standardize security practices and | This document describes efforts to standardize security practices and | |||
documents. As such this document offers no security guidance | documents. As such this document offers no security guidance | |||
whatsoever. | whatsoever. | |||
Readers of this document should be aware of the date of publication | Readers of this document should be aware of the date of publication | |||
of this document. It is feared that they may assume that the | of this document. It is feared that they may assume that the | |||
efforts, on-line material, and documents are current whereas they may | efforts, on-line material, and documents are current whereas they may | |||
not be. Please consider this when reading this document. | not be. Please consider this when reading this document. | |||
skipping to change at page 34, line 11 | skipping to change at page 34, line 11 | |||
Updated the date. | Updated the date. | |||
-08 : Eighth revision of the WG ID. | -08 : Eighth revision of the WG ID. | |||
Updated the reference to RFC 4949, found by Stephen Kent. | Updated the reference to RFC 4949, found by Stephen Kent. | |||
-09 : Nineth revision of the WG ID. | -09 : Nineth revision of the WG ID. | |||
Updated the date. | Updated the date. | |||
-10 : Tenth revision of the WG ID. | ||||
Added references to NIST documents, recommended by Steve Wolff. | ||||
Updated the date. | ||||
Note: This section will be removed before publication as an RFC. | Note: This section will be removed before publication as an RFC. | |||
Authors' Addresses | Authors' Addresses | |||
Chris Lonvick | Chris Lonvick | |||
Cisco Systems | Cisco Systems | |||
12515 Research Blvd. | 12515 Research Blvd. | |||
Austin, Texas 78759 | Austin, Texas 78759 | |||
US | US | |||
skipping to change at page 36, line 4 | skipping to change at line 1346 | |||
Email: clonvick@cisco.com | Email: clonvick@cisco.com | |||
David Spak | David Spak | |||
Cisco Systems | Cisco Systems | |||
12515 Research Blvd. | 12515 Research Blvd. | |||
Austin, Texas 78759 | Austin, Texas 78759 | |||
US | US | |||
Phone: +1 512 378 1720 | Phone: +1 512 378 1720 | |||
Email: dspak@cisco.com | Email: dspak@cisco.com | |||
Full Copyright Statement | ||||
Copyright (C) The IETF Trust (2008). | ||||
This document is subject to the rights, licenses and restrictions | ||||
contained in BCP 78, and except as set forth therein, the authors | ||||
retain all their rights. | ||||
This document and the information contained herein are provided on an | ||||
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS | ||||
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND | ||||
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS | ||||
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF | ||||
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED | ||||
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. | ||||
Intellectual Property | ||||
The IETF takes no position regarding the validity or scope of any | ||||
Intellectual Property Rights or other rights that might be claimed to | ||||
pertain to the implementation or use of the technology described in | ||||
this document or the extent to which any license under such rights | ||||
might or might not be available; nor does it represent that it has | ||||
made any independent effort to identify any such rights. Information | ||||
on the procedures with respect to rights in RFC documents can be | ||||
found in BCP 78 and BCP 79. | ||||
Copies of IPR disclosures made to the IETF Secretariat and any | ||||
assurances of licenses to be made available, or the result of an | ||||
attempt made to obtain a general license or permission for the use of | ||||
such proprietary rights by implementers or users of this | ||||
specification can be obtained from the IETF on-line IPR repository at | ||||
http://www.ietf.org/ipr. | ||||
The IETF invites any interested party to bring to its attention any | ||||
copyrights, patents or patent applications, or other proprietary | ||||
rights that may cover technology that may be required to implement | ||||
this standard. Please address the information to the IETF at | ||||
ietf-ipr@ietf.org. | ||||
End of changes. 9 change blocks. | ||||
9 lines changed or deleted | 62 lines changed or added | |||
This html diff was produced by rfcdiff 1.35. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |