[Security_sig] Pls review DLT Cap Doc 1.0 Security Section Draft

Mary Edie Meredith maryedie at osdl.org
Fri Jan 7 13:33:19 PST 2005 

{snip]
> I see the SIG defining the security architecture, with active 
> input/collaberation from the workgroups.

Unless I'm missing something, that's just what Emily did by noticing an
assumption that might be missing from Data Center which was a result of
the Security SIG review of Desk top.

I took note also, Emily, of those two items.  We have internal review
time on the DCL new Security section until Jan 24, so there is still
time to get these new assumptions flushed out if it's something people
agree we missed.  

Can we hear more opinions?  Perhaps someone could propose the new
assumptions and a list of capabilities that the assumptions would imply
(for _servers, not the desk top).


> 
> If its not done this way, we are going to get work repeated (at best) 
> and incompatabilities (at worst).
> 
> A workgroup document would still contain a security section, but that 
> would concentrate on the machine/system and its interaction with the 
> infrastructural security.
> 
> Am I being too optimistic here???
> 
> Philip
> 
> ----------------
> 
> Emily Ratliff wrote:
> 
> > One more thing...
> >
> > It turns out that the firewall assumption also reveals a disconnect 
> > between the DCL and DLT documents. The disconnect turns out to be 
> > based on the infrastructure/environment vs. single machine view. The 
> > security part of the DCL spec covers the single machine view. The DLT 
> > spec is making assumptions about the DCL environment which are valid 
> > but not covered by the DCL spec. I know that we had this discussion 
> > when deciding on the capabilities for the DCL spec.
> >
> > Should there be a third document that talks about the expected DCL 
> > infrastructure and the security components that it will have? Not all 
> > of the security components (firewall appliance or firewall capability 
> > in the router, mail scanning, etc.) will necessarily be Linux based 
> > but could be. Should the environmental assumptions implicit to the DLT 
> > document be made explicit in that document?
> >
> > Emily
> >
> > Emily Ratliff
> > IBM Linux Technology Center, Security
> > CISSP #51839
> > 512-838-0409 (T/L 678-0409)
> > emilyr at us.ibm.com
> >
> 
> _______________________________________________
> security_sig mailing list
> security_sig at lists.osdl.org
> http://lists.osdl.org/mailman/listinfo/security_sig
-- 
Mary Edie Meredith 
maryedie at osdl.org
503-906-1942
Open Source Development Labs

More information about the security_sig mailing list