Object/Document Security BOF (IOS)
Reported by John Lowry/Bolt Beranek and Newman
The Object/Document Security BOF met on Wednesday, 7 December, at the
San Jose IETF. It began with a slide presentation introducing the
concept and purpose of information object security (IOS). There were
three presentations intended to stimulate discussion.
Presentations
The first presentation was made by John Lowry on the
Location-Independent IOS work sponsored by ARPA.
The second presentation was made by Wolfgang Schneider on the practical
considerations of bootstrapping a certificate based key management
infrastructure, particularly geared to deployment of PEM.
The third presentation was made by Paul Van Oorshot and was an overview
of store-and-forward extensions made to GSS-API which would be presented
more fully in the Common Authentication Technology Working Group CAT.
Discussion
There was discussion by the group regarding:
o Copyright protections and whether there was any security service
which could prevent, discourage, or help to audit unauthorized
copying.
o Uniform Resource Identification and the security services that
might be applied to IDs, locators, meta information, and other data
associated with the object.
o Support for labeling of objects. Labeling could be associated with
confidentiality, part of an annotation, and needs to be examined
regarding the relationship to meta-information.
o Access control requirements need to investigated and a
low-complexity model should be identified. The model presented in
the Location-Independent IOS needs a lot of work.
o Concerns about the nature (complexity) of the object and
annotations including n-dimensional signatures and annotations.
o Concerns about long term and archival storage of objects. Initial
reaction was that this was probably outside the scope of this
group.
o Concerns about the overhead of security in terms of object size,
complexity, and processing cycles required.
o Concerns about adopting a flexible trust mechanism and key
management/identification/ authentication mechanism.
o The relationship to WWW and HTTP-S. Generally it was felt that
HTTP-S was concerned with transport but that there should be
coordination between this group and the HTTPSEC group.
o There was a question about the relationship to GSS-API and whether
there was a good synergy with the CAT Working Group. GSS-API is
also considering store-and-forward mechanisms which may relate
directly to some of the requirements yet to be defined.
o There was a question about the relationship to MIME/PEM and whether
MIME/PEM could serve as an appropriate mechanism. The initial
opinion seemed to be that until the requirements are defined the
question cannot be answered.
Jeff Schiller pointed out the necessity of listing requirements and
forming a charter. An outline list of requirements was proposed by Dave
Solo and will start the requirements discussion. The outline appears
below.
It was agreed that a mailing list and an archive site be created.
Attendees would be notified of the mailing list instantiation but would
not automatically be included on the list.
It was agreed that since time was short, the charter should be
negotiated on the mailing list with a goal of becoming a working group
by the 32nd IETF in Danvers.
Proposed Requirements Outline
Object Protection/Encapsulation
o Protect arbitrary data/objects
o Allow any transport or access mechanism
o Supply confidentiality/encryption
o Supply integrity
o Supply authentication/non-repudiation
- signature
- annotation
- complex data structures
o Access Controls/Scenarios
- access control rules
- concepts of access control
- relationship to key management
o Labeling
o Third-party service interactions
o Handle existing concepts
- PEM
- MIME/PEM
- PGP
o Flexible certificate trust models