Bill,
I really like the document thus far. It is getting a little long but
could not exactly figure out how to shorten.
In "Access Control According to User Roles" (near the end) you use "MFP"
while everywhere in the document you use "Hardcopy Device". I would
suggest changing MPF to HCD.
In "Data Security" (second sentence) you discuss "classified document".
The P2600 specifically does not address "classified documents". I
would suggest changing "classified" to "confidentiality".
Glen
________________________________
From: mfd-bounces at pwg.org [mailto:mfd-bounces at pwg.org] On Behalf Of
William Wagner
Sent: Sunday, January 30, 2011 3:31 PM
To: wims at pwg.org; ids at pwg.org; mfd at pwg.org
Subject: [MFD] MPSA Security Article
Greetings:
There have been contributions and edits to the draft MPSA user access
article from Michael Sweet and Joe Murdock, and constructive comments
from others. I have incorporated the contributions, with some edits, and
reorganized the article a bit. Current version is at
ftp://ftp.pwg.org/pub/pwg/general/MPSA/Access_article_110130.doc.
I suggest that the section on data security (other than relating to
access control) is not appropriate to this article, although that is
open to discussion. That area is highlighted, with the intent of using
it in some other article.
There is more that should be in this one though, and we have the survey
questions to formulate. As Michael observed, we also need to address
our audience better...this is not a spec and many of the terms that have
very specific meanings to us may have different meanings to a managed
print services provider (such as service and job). We will talk about
this at the WIMS and IDS meetings next Thursday...but comments on the
mail lists would be appreciated.
Many thanks,
Bill Wagner
From: William Wagner [mailto:wamwagner at comcast.net]
Sent: Monday, January 17, 2011 1:45 PM
To: wims at pwg.org; 'ids at pwg.org'; 'mfd at pwg.org'
Subject: MPSA Security Article
Attached (perhaps) and posted at is a skeleton draft of the February
Access article for the MPSA, preceded by the original outline. Most of
the information is edited from the MFD Model document security section
by Nancy Chen (which was removed in favor of a simple IEEE-2600
reference). The draft currently is incohesive, incomplete, and
non-compelling. I solicit contributions on Identification,
Authentication and Authorization, and on Logging, as well as comments on
the overall structure and intent of the article.
I have agreed to edit and integrate contributions to provide a competed
article (although I would be willing to surrender that pleasure should
someone else volunteer.) It is our objective to get a reasonable article
to Jim Fitzpatrick for the February contribution. Although that
suggests 28 January , depending upon how well the article takes shape,
we may want to discuss this at the February face-to-face and submit it
by 3 February.
We also need to consider the questions we wish to include in the
associated survey. The questions should be geared to helping us
understand how MPSA members see these security issues in their business,
particularly with an aim to what we might do to better satisfy their
problems by informing them what is available, by better documenting what
might be done, and by making our PWG member companies aware of the
perceived problems and needs.
Many thanks,
Bill Wagner
--
This message has been scanned for viruses and
dangerous content by MailScanner <http://www.mailscanner.info/> , and is
believed to be clean.
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pwg.org/pipermail/ids/attachments/20110131/eda156bc/attachment-0001.html>