[Security_sig] draft DTL security doc
Philip Peake
pjp at osdl.org
Sun Dec 12 13:11:40 PST 2004
Ed,
good assessment - no arguments there.
In reality, this section is just a placeholder for the real thing. We
didn't want to face up to this for this first cut because of the lack of
time, but ended up having to because other sections were adding their
own security items, and it made for difficult reading if you were trying
to get any sort of overview of the sorts of security capabilities people
were looking for.
The most important security aspect that we want to examine for the next
round is the security architecture. We have pretty good agreement that
security can't be achieved piece-meal, there has to be a guiding
architecture, and that architecture needs to be flexible enough to cover
a broad array of end user models - we only have four of them to
consider, but they do cover a pretty broad range.
All of the items you mention have been mentioned in DTL at one time or
another.
I (for one) am really glad that this SIG appears to be working. If we
(DTL) can hash out our security architecture and detail in this forum,
we stand a much better chance of ending up with something that not only
works relatively seamlessly with the data center security architecture,
but which also covers the desktop models that we are working with in a
comprehensive way.
Hopefully, this time next year, our security section will take a bit
longer to review :-)
Philip
Ed Reed wrote:
>Quick assessment -
>
>Typical functionality, lacks audit.
>
>Local audit capability is a requirement for many environments that will
>be built on the desktop. Maybe not laptops, nor even knowledge worker
>workstations. But certainly teller apps, cash register apps, etc.
>
>I recommend they seriously consider adding a local audit requirement, to
>complete the suite of requirements.
>
>They enumerate identification, authentication, discretionary
>authorization. Add audit, and you have the top-level functional
>requirements for CAPP, which is appropriate.
>
>We can argue later about anti-virus or least-privilege application
>containment policies...well, we'll get to that in time.
>
>Ed
>
>>>>Chris Wright <chrisw at osdl.org> 12/09/04 7:02 pm >>>
>
>Hi folks,
>
>Here's the current draft of the DTL security doc. Please recall the
>caveats Philip mentioned in the con call. Something like (my
>paraphrase, if it's nonsense blame me):
>
> Security was originally spread throughout the doco. Late in process, we
> decided to bite the bullet and pull the items out and collate. A lot
> of these items are not done for specific security arch perspective.
> Early drafts well, input closes next week, so it's also the draft that's
> going in. Not a final specification. Don't want people to think it's
> a comprehensive doc or systems approach. We'll need to do that later
>
>thanks,
>-chris
>
>