draft-ietf-opsec-efforts-09.txt   draft-ietf-opsec-efforts-10.txt 
Network Working Group C. Lonvick Network Working Group C. Lonvick
Internet-Draft D. Spak Internet-Draft D. Spak
Expires: June 14, 2009 Cisco Systems Expires: October 15, 2009 Cisco Systems
December 11, 2008 April 13, 2009
Security Best Practices Efforts and Documents Security Best Practices Efforts and Documents
draft-ietf-opsec-efforts-09.txt draft-ietf-opsec-efforts-10.txt
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any This Internet-Draft is submitted to IETF in full conformance with the
applicable patent or other IPR claims of which he or she is aware provisions of BCP 78 and BCP 79.
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on June 14, 2009. This Internet-Draft will expire on October 15, 2009.
Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents in effect on the date of
publication of this document (http://trustee.ietf.org/license-info).
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document.
Abstract Abstract
This document provides a snapshot of the current efforts to define or This document provides a snapshot of the current efforts to define or
apply security requirements in various Standards Developing apply security requirements in various Standards Developing
Organizations (SDO). Organizations (SDO).
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5
skipping to change at page 4, line 16 skipping to change at page 4, line 16
5.21. Catalogue of ITU-T Recommendations related to 5.21. Catalogue of ITU-T Recommendations related to
Communications System Security . . . . . . . . . . . . . . 25 Communications System Security . . . . . . . . . . . . . . 25
5.22. ITU-T Security Manual . . . . . . . . . . . . . . . . . . 25 5.22. ITU-T Security Manual . . . . . . . . . . . . . . . . . . 25
5.23. ITU-T NGN Effort . . . . . . . . . . . . . . . . . . . . . 26 5.23. ITU-T NGN Effort . . . . . . . . . . . . . . . . . . . . . 26
5.24. NRIC VI Focus Groups . . . . . . . . . . . . . . . . . . . 26 5.24. NRIC VI Focus Groups . . . . . . . . . . . . . . . . . . . 26
5.25. OASIS Security Joint Committee . . . . . . . . . . . . . . 26 5.25. OASIS Security Joint Committee . . . . . . . . . . . . . . 26
5.26. OASIS Security Services (SAML) TC . . . . . . . . . . . . 27 5.26. OASIS Security Services (SAML) TC . . . . . . . . . . . . 27
5.27. OIF Implementation Agreements . . . . . . . . . . . . . . 27 5.27. OIF Implementation Agreements . . . . . . . . . . . . . . 27
5.28. TIA . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 5.28. TIA . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
5.29. WS-I Basic Security Profile . . . . . . . . . . . . . . . 28 5.29. WS-I Basic Security Profile . . . . . . . . . . . . . . . 28
5.30. NIST Special Publications (800 Series) . . . . . . . . . . 28
5.31. NIST Interagency or Internal Reports (NISTIRs) . . . . . . 28
5.32. NIST ITL Security Bulletins . . . . . . . . . . . . . . . 28
6. Security Considerations . . . . . . . . . . . . . . . . . . . 29 6. Security Considerations . . . . . . . . . . . . . . . . . . . 29
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 30 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 30
8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 31 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 31
9. Changes from Prior Drafts . . . . . . . . . . . . . . . . . . 32 9. Changes from Prior Drafts . . . . . . . . . . . . . . . . . . 32
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 35 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 35
Intellectual Property and Copyright Statements . . . . . . . . . . 36
1. Introduction 1. Introduction
The Internet is being recognized as a critical infrastructure similar The Internet is being recognized as a critical infrastructure similar
in nature to the power grid and a potable water supply. Just like in nature to the power grid and a potable water supply. Just like
those infrastructures, means are needed to provide resiliency and those infrastructures, means are needed to provide resiliency and
adaptability to the Internet so that it remains consistently adaptability to the Internet so that it remains consistently
available to the public throughout the world even during times of available to the public throughout the world even during times of
duress or attack. For this reason, many SDOs are developing duress or attack. For this reason, many SDOs are developing
standards with hopes of retaining an acceptable level, or even standards with hopes of retaining an acceptable level, or even
skipping to change at page 29, line 5 skipping to change at page 28, line 14
5.29. WS-I Basic Security Profile 5.29. WS-I Basic Security Profile
http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html
The WS-I Basic Security Profile 1.0 consists of a set of non- The WS-I Basic Security Profile 1.0 consists of a set of non-
proprietary Web services specifications, along with clarifications proprietary Web services specifications, along with clarifications
and amendments to those specifications which promote and amendments to those specifications which promote
interoperability. interoperability.
5.30. NIST Special Publications (800 Series)
http://csrc.nist.gov/publications/PubsSPs.html
Special Publications in the 800 series present documents of general
interest to the computer security community. The Special Publication
800 series was established in 1990 to provide a separate identity for
information technology security publications. This Special
Publication 800 series reports on ITL's research, guidelines, and
outreach efforts in computer security, and its collaborative
activities with industry, government, and academic organizations.
5.31. NIST Interagency or Internal Reports (NISTIRs)
http://csrc.nist.gov/publications/PubsNISTIRs.html
NIST Interagency or Internal Reports (NISTIRs) describe research of a
technical nature of interest to a specialized audience. The series
includes interim or final reports on work performed by NIST for
outside sponsors (both government and nongovernment). NISTIRs may
also report results of NIST projects of transitory or limited
interest, including those that will be published subsequently in more
comprehensive form.
5.32. NIST ITL Security Bulletins
http://csrc.nist.gov/publications/PubsITLSB.html
ITL Bulletins are published by NIST's Information Technology
Laboratory, with most bulletins written by the Computer Security
Division. These bulletins are published on the average of six times
a year. Each bulletin presents an in-depth discussion of a single
topic of significant interest to the information systems community.
Not all of ITL Bulletins that are published relate to computer /
network security. Only the computer security ITL Bulletins are found
here.
6. Security Considerations 6. Security Considerations
This document describes efforts to standardize security practices and This document describes efforts to standardize security practices and
documents. As such this document offers no security guidance documents. As such this document offers no security guidance
whatsoever. whatsoever.
Readers of this document should be aware of the date of publication Readers of this document should be aware of the date of publication
of this document. It is feared that they may assume that the of this document. It is feared that they may assume that the
efforts, on-line material, and documents are current whereas they may efforts, on-line material, and documents are current whereas they may
not be. Please consider this when reading this document. not be. Please consider this when reading this document.
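Review bot: In the new Section 5.32, the closing sentence "Only the computer security ITL Bulletins are found here" leaves "here" ambiguous between this document and the csrc.nist.gov page listed under the heading; naming the page explicitly would remove the doubt. The sentence before it would read more cleanly as "Not all ITL Bulletins that are published relate to computer / network security." Within the added text, Section 5.30 uses "ITL" two sections before 5.32 spells it out as NIST's Information Technology Laboratory, so consider expanding it at first use in 5.30.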
skipping to change at page 34, line 11 skipping to change at page 34, line 11
Updated the date. Updated the date.
-08 : Eighth revision of the WG ID. -08 : Eighth revision of the WG ID.
Updated the reference to RFC 4949, found by Stephen Kent. Updated the reference to RFC 4949, found by Stephen Kent.
-09 : Nineth revision of the WG ID. -09 : Nineth revision of the WG ID.
Updated the date. Updated the date.
-10 : Tenth revision of the WG ID.
Added references to NIST documents, recommended by Steve Wolff.
Updated the date.
Note: This section will be removed before publication as an RFC. Note: This section will be removed before publication as an RFC.
Authors' Addresses Authors' Addresses
Chris Lonvick Chris Lonvick
Cisco Systems Cisco Systems
12515 Research Blvd. 12515 Research Blvd.
Austin, Texas 78759 Austin, Texas 78759
US US
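Review bot: The new -10 changelog entry records only the NIST references and the date, but this revision also replaces the IPR paragraph in "Status of this Memo" with the BCP 78 and BCP 79 conformance statement, adds a Copyright Notice, and drops the Full Copyright Statement and Intellectual Property sections along with their Table of Contents entry. A line such as "Updated the boilerplate." in the -10 entry would record that. While this section is being edited, "Nineth" in the -09 entry should be "Ninth".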
skipping to change at page 36, line 4 skipping to change at line 1346
Email: clonvick@cisco.com Email: clonvick@cisco.com
David Spak David Spak
Cisco Systems Cisco Systems
12515 Research Blvd. 12515 Research Blvd.
Austin, Texas 78759 Austin, Texas 78759
US US
Phone: +1 512 378 1720 Phone: +1 512 378 1720
Email: dspak@cisco.com Email: dspak@cisco.com
Full Copyright Statement
Copyright (C) The IETF Trust (2008).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
 End of changes. 9 change blocks. 
9 lines changed or deleted 62 lines changed or added
