IPP Mail Archive: IPP>SEC, IPP>MOD, IPP>DIR - Security attributes

IPP>SEC, IPP>MOD, IPP>DIR - Security attributes

Roger K Debry (rdebry@us.ibm.com)
Fri, 13 Jun 1997 11:20:37 -0400

As you read the new security internet-draft you will see that four common usage
scenarios are described. These are:

o no security
o message protection
o client authentication and authorization
o mutual authentication, authorization, and message protection

In order to let a person who is searching a directory know what to expect in
terms of security, we need some Printer attributes that would be stored in the
directory to help indicate this. For example, when I search a directory, I want
to know which printers require authentication. There are undoutbedly many ways
to do this. I would appreciate your comments on the following proposal as a
way to get some discussion going on this ...

New Printer Attributes:

Message Protection
values are none, supported or required

Authentication/Authorization
values are none, supported, or required

Supported means that the Printer is capable of supporting this security
feature, but it is does not require the client to use it. For example, if
message protection is supported, it means that a client can encrypt a message
if privacy is required, but does not have to.

Required means that the Printer is capable of supporting this privacy feature,
and the client is required to use it. For example, if
authentication/authorization is required, then the client must be authenticated
before using the Printer.

Alternatives include listing each security protocol supported as an attribute
with values as above, or having one attribute called security with the names
of the supported protocols as values.

Comments???

Roger K deBry
Senior Techncial Staff Member
Architecture and Technology
IBM Printing Systems
email: rdebry@us.ibm.com
phone: 1-303-924-4080