[Security_sig] [Reminder] Security SIG conf. call - 3/31
ereed at novell.com
Thu Mar 31 08:42:49 PST 2005
First cut - work in progress.
Attached are different formatted versions of the outline I started after our last call.
Don't be put off by it's length - I deepended a little exploring features and options that ought to be rolled up into higher level requirements.
For instance, while I spend too much time describing Login Policies, it might be sufficient to say support POSIX-style password and login policies, if we can refer to them externally.
Similarly with Crypto - basically, we need to be able to let people say needs FIPS 140-2 crypto algorithms and implementations, without detailing hash algorithms, etc.
But - you get the broad idea...
3) Security Objectives
a) Objective Names & Descriptions
b) Target System Profile Descriptions
i) Database Server
ii) Mid-Tier Application Server
iii) Edge / Public Facing Network Services Server
iv) Internal Infrastructure Server
v) File / Print / Departmental / Storage Server (out of scope for DCL)
c) Objectives / Target System Coverage matrix
4) Functionality Table
5) Assurances Table
>>>Chris Wright <chrisw at osdl.org> 03/31/05 1:50 am >>>
Reminder - security SIG bi-weekly conference call
Time: 9AM to 10AM Pacific
Participant code: 932475
Note taker: TBD
- CGL security spec
- DCL security spec
- DTL (-ish) directory style authentication
- OLS BoF material
- any other business
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the security_sig