attachment-0001
<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=WordSection1>
<p class=MsoNormal><span style='font-size:14.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Hi Nancy,<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:14.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:14.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Thank you for your suggestion. I think the six points are valid
and reasonable. However, as with Ira’s suggestion for
internationalization, I do have problems with the reference to “future
Imaging Services”. It is my understanding that the requirements document
and the specifications apply to the Service models and operations, not an
MFD. I therefore suggest the following rewording of the first paragraph.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:14.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:14.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>“Imaging Services may contain, process, and/or communicate
sensitive data that site policy requires be protected against </span><span
style='font-size:14.0pt;font-family:"Calibri","sans-serif"'>confidentiality and
integrity threats. Imaging Services include resources and also interact
with and access external resources, which may pose security threats to these
resources. The specification of Imaging Services should consider the
following security measures in protecting sensitive data, operational security and
interfacing resource and network security: “<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:14.0pt;font-family:"Calibri","sans-serif"'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:14.0pt;font-family:"Calibri","sans-serif"'>The
six points would then follow.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:14.0pt;font-family:"Calibri","sans-serif"'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:14.0pt;font-family:"Calibri","sans-serif"'>Comments?<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:14.0pt;font-family:"Calibri","sans-serif"'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:14.0pt;font-family:"Calibri","sans-serif"'>Bill
Wagner<br>
<br>
</span><span style='font-size:14.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:14.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> mfd-bounces@pwg.org
[mailto:mfd-bounces@pwg.org] <b>On Behalf Of </b>Nancy.Chen@okidata.com<br>
<b>Sent:</b> Friday, July 16, 2010 2:00 PM<br>
<b>To:</b> mfd@pwg.org<br>
<b>Subject:</b> [MFD] Security Consideration for MFD Requirements document<o:p></o:p></span></p>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><br>
<span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Hi All,</span> <br>
<br>
<span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Here is my
suggested text with Ira's agreement. Also thanks for Ira's minor editorial
changes.</span> <br>
<br>
<span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>"An MFD is
a network device which is subject to many threats to the<br>
confidentiality and integrity of sensitive data transmitted over the network<br>
as well as data at rest within the MFD. Many MFDs today also have the<br>
ability to interact with and access external resources, which poses security<br>
threats to other resources on the network. The design of future Imaging<br>
Services should consider the following security measures in protecting MFD<br>
data and operational security as well as its surrounding network resource<br>
security:<br>
</span><br>
<span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>(1) Include the
ability to use industry standard network security protocols<br>
to authenticate users' right to MFD operations that have direct or indirect<br>
impacts on the confidentiality and integrity of the sensitive data at rest<br>
according to the local site security policy.<br>
(2) Include the ability to use industry standard secure network protocols to<br>
transmit sensitive data over the network according to the local site<br>
security policy.<br>
(3) Include the ability to use Industry standard cryptographic algorithms<br>
compliant to the local site policy to protect internal MFD data at rest.<br>
(4) Include security state attributes that can be monitored and/or validated<br>
by Industry standard network access protocols to prevent or minimize the<br>
threats that the MFD can pose to other network resources if these security<br>
state attributes are compromised.<br>
(5) Include service operation and internal data access control policies in<br>
order to support the local site security policy.<br>
(6) Include the ability to generate and store audit log records in Industry<br>
standard formats for all security related events in accordance with the<br>
local site security policy."</span> <br>
<br>
<span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>-Nancy</span> <br>
<span style='font-size:10.0pt;font-family:"Arial","sans-serif"'><br>
--------------------------------------------------------------------------------------------------<br>
Nancy Chen, PWG Vice-Chair<br>
Principal Engineer<br>
Solutions and Technology<br>
Oki Data<br>
2000 Bishops Gate Blvd.<br>
Mt. Laurel, NJ 08054<br>
Phone: (856)222-7006<br>
Email: Nancy.Chen@okidata.com</span><br>
-- <br>
This message has been scanned for viruses and <br>
dangerous content by <a href="http://www.mailscanner.info/"><b>MailScanner</b></a>,
and is <br>
believed to be clean. <o:p></o:p></p>
</div>
<br />--
<br />This message has been scanned for viruses and
<br />dangerous content by
<a href="http://www.mailscanner.info/"><b>MailScanner</b></a>, and is
<br />believed to be clean.
</body>
</html>