PWG-ANNOUNCE> FW: [Isms] WG Action: RECHARTER: Integrated Security Model for SNMP (isms)

From: McDonald, Ira (imcdonald@sharplabs.com)
Date: Mon Oct 24 2005 - 20:41:09 EDT


Hi,

The IESG has just rechartered the ISMS WG specifically to work on
SNMP over SSH (Secure Shell) using RADIUS for AAA (authentication,
authorization, and accounting).

Cheers,
- Ira

Ira McDonald (Musician / Software Architect)
Blue Roof Music / High North Inc
PO Box 221 Grand Marais, MI 49839
phone: +1-906-494-2434
email: imcdonald@sharplabs.com

-----Original Message-----
From: isms-bounces@lists.ietf.org [mailto:isms-bounces@lists.ietf.org] On Behalf Of IESG Secretary
Sent: Monday, October 24, 2005 5:29 PM
To: IETF Announcement list
Cc: isms@ietf.org
Subject: [Isms] WG Action: RECHARTER: Integrated Security Model for SNMP (isms)

The Integrated Security Model for SNMP (isms) working group in the Security
Area of the IETF has been rechartered. For additional information, please
contact the Area Directors or the working group Chairs.

+++

Integrated Security Model for SNMP (isms)
==========================================

Current Status: Active Working Group

Chair(s):
Juergen Schoenwaelder <j.schoenwaelder@iu-bremen.de>
Juergen Quittek <quittek@netlab.nec.de>

Security Area Director(s):
Russ Housley <housley@vigilsec.com>
Sam Hartman <hartmans-ietf@mit.edu>

Security Area Advisor:
Sam Hartman <hartmans-ietf@mit.edu>

Mailing Lists:
General Discussion: isms@ietf.org
To Subscribe: isms-request@ietf.org
In Body: in body: (un)subscribe
Archive:
http://www.ietf.org/mail-archive/working-groups/isms/current/maillist.html

Description of Working Group:
The Simple Network Management Protocol version 3 (SNMPv3) provides
message security services through the security subsystem, for which
there is one currently defined model - the User-based Security Model
(USM). However, the USM approach has seen limited deployment so far.
One frequently reported reason is the lack of integration of USM
key and user management into deployed authentication infrastructures.

SSH is a widely deployed access protocol for remote devices
configuration. Many devices support the integration of SSH user
authentication with AAA systems via protocols such as RADIUS.

The goal of the ISMS working group is developing a new security model
for SNMP that integrates with widely deployed user and key management
systems, as a supplement to the USM security model.

For this integration the working group will define a standard method
for mapping from AAA-provisioned authorization parameter(s) to
corresponding SNMP parameters.

In order to leverage the authentication information already accessible
at managed devices, the new security model will use the SSH protocol
for message protection, and RADIUS for AAA-provisioned user
authentication and authorization. However, the integration of a
transport mapping security model into the SNMPv3 architecture should be
defined such that it is open to support potential alternative transport
mappings to protocols such as BEEP and TLS.

The new security model must not modify any other aspects of SNMPv3
protocol as defined in STD 62 (e.g., it must not create new PDU types).

Work on new access control models or centralized administration of
View-based Access Control Model (VACM) rules and mappings is outside
the scope of the working group.

The working group will cover the following work items:

- Specify an architectural extension that describes how transport
mapping security models (TMSMs) fit into the SNMPv3 architecture.
- Specify an architectural extension that describes how to perform a
mapping from AAA-provisioned user-authentication and authorization
parameter(s) to securityName and other corresponding SNMP parameters.
- Specify a mapping from RADIUS-provisioned authentication and
authorization parameter(s) to securityName and other corresponding
SNMP parameters. This item may be a RADEXT work item last-called
in both groups.
- Specify a mapping from locally-provisioned authentication and
authorization parameter(s) to securityName and other corresponding
SNMP parameters.
- Define how to use SSH between the two SNMP engines.
- Specify the SSH security model for SNMP.

Goals and Milestones:
Done    Cut-off date for internet-drafts to be submitted to the working
        group for consideration as a proposed solution
Done    Decision about which architecture the WG will focus its efforts on
Oct 05  Initial version of a general transport mapping security models
        (TMSMs) document that specifies how TMSMs fit into the SNMPv3
        architecture and that defines the requirements for transport
        mapping security models
Oct 05  Initial version of a document specifying the SSH security model
        for SNMP
Feb 06  Initial version of an applicability statement that sets up
        reasonable mandatory to implement methods
Feb 06  Submit TMSM document to IESG
Jun 06  Submit SSH TMSM to IESG
Jun 06  Submit RADIUS mapping model for SNMP to IESG
Aug 06  Submit applicability statement to IESG
Dec 06  Initial version of a document specifying the RADIUS authentication
        and authorization mapping model for SNMP
