[Security_sig] [Reminder] Security SIG conf. call - 3/31

Ed Reed ereed at novell.com
Thu Mar 31 08:42:49 PST 2005


First cut - work in progress. 
 
Attached are different formatted versions of the outline I started after our last call. 
 
Don't be put off by it's length - I deepended a little exploring features and options that ought to be rolled up into higher level requirements. 
 
For instance, while I spend too much time describing Login Policies, it might be sufficient to say support POSIX-style password and login policies, if we can refer to them externally. 
 
Similarly with Crypto - basically, we need to be able to let people say needs FIPS 140-2 crypto algorithms and implementations, without detailing hash algorithms, etc. 
 
But - you get the broad idea... 
 
Outline: 
1) Introduction 
2) Definitions 
3) Security Objectives 
    a) Objective Names & Descriptions 
    b) Target System Profile Descriptions 
         i) Database Server 
         ii) Mid-Tier Application Server 
         iii) Edge / Public Facing Network Services Server 
         iv) Internal Infrastructure Server 
         v) File / Print / Departmental / Storage Server (out of scope for DCL) 
     c) Objectives / Target System Coverage matrix 
4) Functionality Table 
5) Assurances Table 
6) Appendixes

>>>Chris Wright <chrisw at osdl.org> 03/31/05 1:50 am >>>
Reminder - security SIG bi-weekly conference call
Date: 3/31/05
Time: 9AM to 10AM Pacific
Toll-free: 1-800-211-0633
Toll: 1-719-867-0485
Participant code: 932475

Note taker: TBD

Agenda

- CGL security spec
- DCL security spec
- DTL (-ish) directory style authentication
- OLS BoF material
- any other business

thanks,
-chris
--
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.linux-foundation.org/pipermail/security_sig/attachments/20050331/342a0378/attachment-0001.htm


More information about the security_sig mailing list