IPP Mail Archive: RE: IPP> Comments / Issues on Security Proposal

RE: IPP> Comments / Issues on Security Proposal

Wenn, John C (jwenn@cp10.es.xerox.com)
Sat, 19 Sep 1998 20:53:17 PDT

1) The "AUTH" parameter is needed by the IPP client to establish a secure
connection with the IPP server. Some security schemes (SSL, TLS) require that
the client start the security handshake, while others (DAA) have the server
start the security handshake. Look at several IPP method URIs:
(1) ipp://foo.com/printer1;AUTH=SSL
(2) ipp://foo.com/printer2;AUTH=TLS
(3) ipp://foo.com/printer2;AUTH=DAA
#1 (using SSL classic) would connect with the https method over port 443.
#2 (using TLS new and improved) would connect over port 631, and add the
HTTP header "Upgrade: TLS/1.0". #3 would connect over port 631, not add
anything (if it didn't have a username and password already for that
printer), but would expect an HTTP response "401" from the server. The AUTH
parameter is needed by the client in order to know what security schemes to
use and expect when connecting from an IPP URI. Otherwise, how does the
client know that it should add the "Upgrade: TLS/1.0" header to the request?

2) "AUTH" was just the first string that looked good. "SECURITY" would work
as well and is probably less confusing.

3) Other IPP drafts talk about authorization/access control policy: Model
document, section 8 contains most of it. In general, they discuss potential
security policies (e.g. only the job creator may be allowed to cancel the
job) but not the security mechanisms. An ACL on the server is a perfectly
fine way of controlling access, but IPP 1.0 is silent on how it's done. So
for now, it's implementation dependent. To quote from the model document
(pages 123-124 of the June 30th draft):

"Once the authenticated identity of the requester has been supplied to
the IPP object, the object uses that identity to enforce any
authorization policy that might be in place. For example, one site's
policy might be that only the job owner is allowed to cancel a job.
The details and mechanisms to set up a particular access control
policy are not part of IPP/1.0, and must be established via some other
type of administrative or access control framework. However, there
are operation status codes that allow an IPP server to return
information back to a client about any potential access control
violations for an IPP object."

/John
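As an added illustration (not from John's mail or from any IPP implementation), the following Python maps the three AUTH values discussed in point 1 to the connection plan the mail describes; the names parse_ipp_uri(), plan_connection() and the returned dictionary keys are assumptions made for this example.

```python
"""Derive an IPP client's connection plan from the ';AUTH=' URI parameter.

Added example, not part of the original mail or any IPP implementation.
It encodes the three cases the mail lists: AUTH=SSL, AUTH=TLS, AUTH=DAA.
"""
from urllib.parse import urlsplit

IPP_PORT = 631    # port the mail gives for plain or upgraded IPP
HTTPS_PORT = 443  # port the mail gives for "SSL classic"


def parse_ipp_uri(uri):
    """Split an ipp:// URI into host, explicit port, path and ';name=value' parameters."""
    parts = urlsplit(uri)
    if parts.scheme.lower() != "ipp":
        raise ValueError("not an ipp: URI: %r" % uri)
    path, *raw_params = parts.path.split(";")
    params = {}
    for item in raw_params:
        name, _, value = item.partition("=")
        # Parameter names and values are compared case-insensitively here (assumption).
        params[name.upper()] = value.upper()
    return parts.hostname, parts.port, path, params


def plan_connection(uri):
    """Return how the client should open the connection for this URI.

    SSL -> https on 443; TLS -> port 631 plus an 'Upgrade: TLS/1.0' header;
    DAA -> port 631, nothing added, and a 401 challenge expected from the server.
    A missing or unknown AUTH value is rejected rather than guessed, since the
    client would otherwise not know which handshake to start or expect.
    """
    host, explicit_port, path, params = parse_ipp_uri(uri)
    auth = params.get("AUTH")
    plan = {"host": host, "path": path, "headers": {}, "expect_401": False}
    if auth == "SSL":
        plan.update(scheme="https", port=explicit_port or HTTPS_PORT)
    elif auth == "TLS":
        plan.update(scheme="http", port=explicit_port or IPP_PORT)
        plan["headers"]["Upgrade"] = "TLS/1.0"  # client asks the server to upgrade
    elif auth == "DAA":
        plan.update(scheme="http", port=explicit_port or IPP_PORT)
        plan["expect_401"] = True  # server starts the handshake by challenging
    else:
        raise ValueError("unknown or missing AUTH parameter: %r" % auth)
    return plan


if __name__ == "__main__":
    for u in ("ipp://foo.com/printer1;AUTH=SSL", "ipp://foo.com/printer2;AUTH=TLS",
              "ipp://foo.com/printer2;AUTH=DAA"):
        print(u, "->", plan_connection(u))
```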