[483] in WWW Security List Archive
Re: Barring Bros Was:Re: SLL protocol implementation ?
daemon@ATHENA.MIT.EDU (Kenneth Rowe)
Wed Mar 1 01:13:53 1995
From: Kenneth Rowe <kerowe@cs.umbc.edu>
Date: Tue, 28 Feb 1995 22:08:30 -0500
To: www-security@ns2.rutgers.edu
Reply-To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
There are many types of integrity models. Actually, I like the
way the NIST/ECMA TR46 (Software Engineering Frameworks) document
categorizes "security". The call it "Policy Enforcement" and
break it into three areas: Confidentiality, Integrity, and Conformance.
Under each are Mandatory and Discretionary policies.
It would be nice to see the Web community start to deal with "security"
on a holistic basis. Really need to develop some example business models
and define the Policy Enforcement attributes. I seem to remember
Jeff Hostetler (Spyglass) advocating that kind of an idea.
Ken.
----------------------------------------------------------
Kenneth Rowe kerowe@cs.umbc.edu
434 Shipley Road rowe@prairienet.org
Linthicum, MD 21090 Rowe@dockmaster.ncsc.mil
(410) 859-8487 (home)
----------------------------------------------------------
