[MFD] Resource Service updates for Security

[MFD] Resource Service updates for Security

Ira McDonald blueroofmusic at gmail.com
Tue May 12 19:15:34 UTC 2009


Hi Nancy,                                          Tuesday (12 May 2009)

Per my action from the Resource Service review during the April PWG
meeting, below is some text for the Security Considerations section of
the Resource Service.

11.4 Security Threats from Executable Resources

Resources with a ResourceCategory of 'Executable' MUST be handled with
special care by implementations of the Resource Service.  Such resources
can pose serious threats to the integrity of the Imaging System that
hosts the Resource Service.  In particular, such Resources can be used
to introduce Trojan Horses to the Imaging System.  If an implementation
of the Resource Service supports Executable resources, then that
implementation MUST restrict the storage of such resources (e.g., to
authorized administrators and manufacturers) and SHOULD verify the
safety of such resources (e.g., by virus scanning).

11.5 Security Threats from Static Resources

Resources with ResourceCategory of 'Static' SHOULD be treated with
special care by implementations of the Resource Service.  Fonts that
have associated Intellectual Property rights (e.g., as part of their
network licenses) can pose serious threats to the availability of the
Imaging System that hosts the Resource Service - security audits can
result in the shutdown or physical removal of the Imaging System.  If an
implementation of the Resource Service supports Static resources that
have associated Intellectual Property rights, then that implementation
SHOULD restrict the storage of such resources (e.g., to authorized
administrators and manufacturers) and SHOULD restrict the retrieval of
such resources (e.g., to a configured group of authorized users).

Comments?

Cheers,
- Ira

Ira McDonald (Musician / Software Architect)
Chair - Linux Foundation Open Printing WG
Blue Roof Music/High North Inc
email: blueroofmusic at gmail.com
winter:
 579 Park Place  Saline, MI  48176
 734-944-0094
summer:
 PO Box 221  Grand Marais, MI 49839
 906-494-2434

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pwg.org/pipermail/mfd/attachments/20090512/61dee4f4/attachment-0001.html>


More information about the mfd mailing list