[Security_sig] draft DTL security doc

Philip Peake pjp at osdl.org
Sun Dec 12 13:11:40 PST 2004


Ed,
    good assessment - no arguments there.

In reality, this section is just a placeholder for the real thing. We =

didn't want to face up to this for this first cut because of the lack of =

time, but ended up having to because other sections were adding their =

own security items, and it made for difficult reading if you were trying =

to get any sort of overview of the sorts of security capabilities people =

were looking for.

The most important security aspect that we want to examine for the next =

round is the security architecture. We have pretty good agreement that =

security can't be acheived piece-meal, there has to be a guiding =

architecture, and that architecture needs to be flexible enough to cover =

a broad array of end user models - we only have four of them to =

consider, but they do cover a pretty broad range.

All of the items you mention have been mentioned in DTL at one time or =

another.

I (for one) am really glad that this SIG appears to be working. If we =

(DTL) can hash out our security architecture and detail in this forum, =

we stand a much better chance of  ending up with something that no only =

works relatively seamlessly with the data center security architecture, =

but which also covers the desktop models that we are working with in a =

comprehensive way.

Hopefully, this time next year, our security section will take a bit =

longer to review :-)

Philip

Ed Reed wrote:

>Quick assessment - =

>
>Typical functionality, lacks audit.  =

>
>Local audit capability is a requirement for many environments that will
>be built on the desktop.  Maybe not laptops, nor even knowlege worker
>workstations.  But certainly teller apps, cash register apps, etc.
>
>I recommend they seriously consider adding a local audit requirement, to
>complete the suite of requirements.
>
>They enumerate identification, authentication, discretionary
>authorization.  Add audit, and you have the top-level functional
>requirements for CAPP, which is appropriate.
>
>We can argue later about anti-virus or least-privilege application
>containment policies...well, we'll get to that in time.
>
>Ed
> =

> =

>  =

>
>>>>Chris Wright <chrisw at osdl.org> 12/09/04 7:02 pm >>> =

>>>>        =

>>>>
>Hi folks, =

> =

>Here's the current draft of the DTL security doc.  Please recall the =

>caveats Philip mentioned in the con call.  Something like (my =

>paraphrase, if it's nonsense blame me): =

> =

> Security was originally spread throughout the doco.  Late in process,
>we =

> decided to bite the bullet and pull the items out and coallate.  A lot =

> of these items are not done for specific security arch perspective. =

> Early drafts well, input closes next week, so it's also the draft
>that's =

> going in.  Not a final specification.  Don't want people to think it's =

> a comprehensive doc or systems approach.  We'll need to do that later =

> =

>thanks, =

>-chris =

>  =

>
>------------------------------------------------------------------------
>
>_______________________________________________
>security_sig mailing list
>security_sig at lists.osdl.org
>http://lists.osdl.org/mailman/listinfo/security_sig
>  =

>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.linux-foundation.org/pipermail/security_sig/attachments/2=
0041212/e9068a24/attachment-0001.htm


More information about the security_sig mailing list