Hi,
Quoting from Dave Harrington's note on IETF SACM WG list today:
"You seem to be making security optional, with "MAY support mutual
authentication" etc. Please look at RFC3365, which specifies an IETF
requirement for IETF standards.
The IESG will consider the RFC3365 requirements when deciding whether
to approve our documents.
If we are going to talk about "policy", we should make sure our terminology
is consistent with previous IETF publications related to policy. I'd start
with RFC4949, since we are a SEC area WG.
We should probably at least look at:
RFC2753 - A Framework for Policy-based Admission Control
RFC2768 - Network Policy and Services: A Report of a Workshop on Middleware
RFC3060 - Policy Core Information Model -- Version 1 Specification
RFC3198 - Terminology for Policy-Based Management
RFC3571 - Framework Policy Information Base for Usage Feedback
Policy-based management, of which at least part of SACM appears to be a
subset, has been discussed in the IETF. There are a number of IETF
standards and documents that resulted from prior efforts.
A great deal of thought went into the work, and we should not ignore what
has already been done.
RFC3060 has a data model (and an inherent information model) for describing
policies, including policies, groups, rules, properties of rules (enabled,
priority, etc.), conditions, periods, actions, constraints, repository,
associations, aggregations, components, and so on.
They may not apply directly to the work we are doing, but the discussions we
have been having certainly seem to be related to this prior work.
RFC3571 has an information model for monitoring the usage of policies.
This includes allowing one architectural entity (I'll be glad when we reach
consensus on some terms we can use to talk about these things)
to query another architectural entity (such as an evaluator) to determine
which policies (evaluations) are supported, intervals for periodic reporting,
actions, thresholds, etc.
Much of the work on policy was a joint effort with people from DMTF."
Cheers,
- Ira
Ira McDonald (Musician / Software Architect)
Chair - Linux Foundation Open Printing WG
Secretary - IEEE-ISTO Printer Working Group
Co-Chair - IEEE-ISTO PWG IPP WG
Co-Chair - TCG Trusted Mobility Solutions WG
Chair - TCG Embedded Systems Hardcopy SG
IETF Designated Expert - IPP & Printer MIB
Blue Roof Music/High North Inc
http://sites.google.com/site/blueroofmusic
http://sites.google.com/site/highnorthinc
mailto:blueroofmusic at gmail.com
Winter 579 Park Place Saline, MI 48176 734-944-0094
Summer PO Box 221 Grand Marais, MI 49839 906-494-2434