Object/Document Security BOF (IOS)

Reported by John Lowry/Bolt Beranek and Newman

The Object/Document Security BOF met on Wednesday, 7 December, at the
San Jose IETF. It began with a slide presentation introducing the
concept and purpose of information object security (IOS). There were
three presentations intended to stimulate discussion.


Presentations

The first presentation was made by John Lowry on the
Location-Independent IOS work sponsored by ARPA.

The second presentation was made by Wolfgang Schneider on the practical
considerations of bootstrapping a certificate-based key management
infrastructure, particularly geared to deployment of PEM.

The third presentation was made by Paul Van Oorschot and was an overview
of store-and-forward extensions made to GSS-API which would be presented
more fully in the Common Authentication Technology Working Group (CAT).


Discussion

There was discussion by the group regarding:


   o Copyright protections and whether there was any security service
     which could prevent, discourage, or help to audit unauthorized
     copying.

   o Uniform Resource Identification and the security services that
     might be applied to IDs, locators, meta information, and other data
     associated with the object.

   o Support for labeling of objects.  Labeling could be associated with
     confidentiality or be part of an annotation, and its relationship
     to meta-information needs to be examined.

   o Access control requirements need to be investigated and a
     low-complexity model should be identified.  The model presented in
     the Location-Independent IOS needs a lot of work.

   o Concerns about the nature (complexity) of the object and
     annotations including n-dimensional signatures and annotations.

   o Concerns about long term and archival storage of objects.  Initial
     reaction was that this was probably outside the scope of this
     group.

   o Concerns about the overhead of security in terms of object size,
     complexity, and processing cycles required.

   o Concerns about adopting a flexible trust mechanism and key
     management/identification/authentication mechanism.

   o The relationship to WWW and HTTP-S. Generally it was felt that
     HTTP-S was concerned with transport but that there should be
     coordination between this group and the HTTPSEC group.

   o There was a question about the relationship to GSS-API and whether
     there was a good synergy with the CAT Working Group.  GSS-API is
     also considering store-and-forward mechanisms which may relate
     directly to some of the requirements yet to be defined.

   o There was a question about the relationship to MIME/PEM and whether
     MIME/PEM could serve as an appropriate mechanism.  The initial
     opinion seemed to be that until the requirements are defined the
     question cannot be answered.


Jeff Schiller pointed out the necessity of listing requirements and
forming a charter.  An outline list of requirements was proposed by Dave
Solo and will start the requirements discussion.  The outline appears
below.

It was agreed that a mailing list and an archive site be created.
Attendees would be notified of the mailing list instantiation but would
not automatically be included on the list.

It was agreed that since time was short, the charter should be
negotiated on the mailing list with a goal of becoming a working group
by the 32nd IETF in Danvers.


Proposed Requirements Outline

Object Protection/Encapsulation

   o Protect arbitrary data/objects
   o Allow any transport or access mechanism
   o Supply confidentiality/encryption
   o Supply integrity
   o Supply authentication/non-repudiation
      -  signature
      -  annotation
      -  complex data structures
   o Access Controls/Scenarios
      -  access control rules
      -  concepts of access control
      -  relationship to key management
   o Labeling
   o Third-party service interactions
   o Handle existing concepts
      -  PEM
      -  MIME/PEM
      -  PGP
   o Flexible certificate trust models