[Security_sig] Pls review DLT Cap Doc 1.0 Security Section Draft

Philip Peake pjp at osdl.org
Fri Jan 7 12:51:00 PST 2005


My 2c on this:

The initiatives have fairly narrowly scoped coverage in order have at 
least some chance of reaching consensus and actually finishing something.

IMHO a security infrastructure is bigger than, and encompases all 
existing workgroups - I *think* that this is where the Security SIG 
comes in.
Something like an over-arching security architecture really is external 
to the workgroups, and they simply need to ensure that it provides what
they need, and that they take account of it in defining their systems.

I see the SIG defining the security architecture, with active 
input/collaberation from the workgroups.

If its not done this way, we are going to get work repeated (at best) 
and incompatabilities (at worst).

A workgroup document would still contain a security section, but that 
would concentrate on the machine/system and its interaction with the 
infrastructural security.

Am I being too optimistic here???

Philip

----------------

Emily Ratliff wrote:

> One more thing...
>
> It turns out that the firewall assumption also reveals a disconnect 
> between the DCL and DLT documents. The disconnect turns out to be 
> based on the infrastructure/environment vs. single machine view. The 
> security part of the DCL spec covers the single machine view. The DLT 
> spec is making assumptions about the DCL environment which are valid 
> but not covered by the DCL spec. I know that we had this discussion 
> when deciding on the capabilities for the DCL spec.
>
> Should there be a third document that talks about the expected DCL 
> infrastructure and the security components that it will have? Not all 
> of the security components (firewall appliance or firewall capability 
> in the router, mail scanning, etc.) will necessarily be Linux based 
> but could be. Should the environmental assumptions implicit to the DLT 
> document be made explicit in that document?
>
> Emily
>
> Emily Ratliff
> IBM Linux Technology Center, Security
> CISSP #51839
> 512-838-0409 (T/L 678-0409)
> emilyr at us.ibm.com
>




More information about the security_sig mailing list