As there has been some email on this and we have discussed
it in our Security subgroup, I wanted to float a proposal and see
what comments you all have. Given last weeks decusion on http,
I believe that we now have a small set of choices for IPP security.
My view is that an installation can choose to implement whatever
of these services they want, as each provides unique capabilities
...at some price...
The choices for security are:
(1) http basic authentication
- not really secure, but probably viable within a trusted environment
where security is not an issue. Probably used only for identification,
possibly only for accounting purposes. Does not provide any
message protection.
(2) http digest access authentication
- not stong authentication, but viable within a trusted environment
where one wants a lightweight solution but does not want passwords
sent in the clear as in basic authentication. Would be used when
authorization to use resources is required. Does not provide any
message protection.
(3) SSL or TLS
- strong security when operating outside of a trusted environment. Does
require more infrastructure to support. Would be required when strong
authentication or message protection (privacy, integrity, non-repudiation)
is needed.
Given this set of choices, it seems that we only need something in the directory
that says this Printer requires some authentication to get to it (could be any
of
(1), (2), or (3). That is, if I want to use this Printer I must be prepared to
offer some
credentials.
A Printer that supports (1) or (2) simply uses the existing http
authentication mechanisms. A Printer which uses (3) would
advertise a URI that would indicate SSL or TLS was to be used in the http
session.
Roger K deBry
Senior Techncial Staff Member
Architecture and Technology
IBM Printing Systems
email: rdebry at us.ibm.com
phone: 1-303-924-4080