IPP Mail Archive: IPP> Re: IPP SEC - suggestions for Model document

IPP> Re: IPP SEC - suggestions for Model document

Carl-Uno Manros (cmanros@cp10.es.xerox.com)
Tue, 2 Sep 1997 09:51:26 PDT

Roger,

I think that you probably missed the point on this.

The recommendation out of Munich was to split the text in the Security
document and integrate part of it into the Model document and part of it into
the Protocol document, and hence do away with the Security document in the
final editing round. Your proposal seems to assume that the Security
document will stay.

Carl-Uno

At 09:46 AM 9/2/97 PDT, Roger K Debry wrote:
>Scott, you asked for some suggestions on security for the model document.
>
>Currently you have two sections on security, one on conformance (5.4) and the
>other on security considerations (7).
>
>I'd recommend something like the following:
>
>Section 5.4: Security Conformance Requirements
>
>The security mechanisms for IPP fall outside the scope of the application
>layer protocol itself, and are described in detail in the Internet Draft
>"Internet Printing Protocol/1.0: Security". It is required that the Internet
>Printing Protocol be able to operate in a secure environment. A conforming
>IPP implementation SHOULD provide a range of security services which can be
>tailored to meet the individual needs of a specific installation. These MUST
>include HTTP 1.1 basic and digest authentication, and SHOULD in addition
>support a secure communication channel, such as Transport Layer Security
>(TLS) and/or IP Security (IPSec).
>
>Section 7: Security Considerations
>
>The Internet Draft "Internet Printing Protocol/1.0: Security" provides a
>detailed discussion of the security considerations for IPP. Every time a new
>connection is established with a Printer object or with a job Object, a new
>security context must be established. However, it is up to the site
>administrator to determine the specific security requirements for any given
>IPP operation. This will be established through implementation specific means
>which are outside the scope of this standard. When a Job object is created, a
>security token MUST be associated with the Job which defines the most
>authenticated name of the user creating the job. When required by
>administratively established policy, this token MUST match the authenticated
>name provided on any subsequent operation on that job.
>
>Roger K deBry
>Senior Technical Staff Member
>Architecture and Technology
>IBM Printing Systems
>email: rdebry@us.ibm.com
>phone: 1-303-924-4080
>
>
Carl-Uno Manros
Principal Engineer - Advanced Printing Standards - Xerox Corporation
701 S. Aviation Blvd., El Segundo, CA, M/S: ESAE-231
Phone +1-310-333 8273, Fax +1-310-333 5514
Email: manros@cp10.es.xerox.com