[797] in Kerberos_V5_Development
[stephe@mks.com: Report on POSIX Dist. Security Group, Jan. 1992]
daemon@ATHENA.MIT.EDU (John T Kohl)
Thu Apr 2 20:09:31 1992
Date: Thu, 2 Apr 92 17:10:13 -0800
From: jtkohl@cs.berkeley.edu (John T Kohl)
To: krbdev@MIT.EDU
Potential interest.
Newsgroups: comp.std.unix
From: stephe@mks.com (Stephen Walli)
Subject: Report on POSIX Dist. Security Group, Jan. 1992
X-Submissions: std-unix@uunet.uu.net
Organization: UUNET Communications Services
Date: Wed, 1 Apr 1992 05:17:19 GMT
Submitted-by: stephe@mks.com (Stephen Walli)
USENIX Standards Watchdog Committee
Stephen Walli <stephe@usenix.org>, Report Editor
Report on the POSIX Study Group on Distributed Security
Laura Micks <uunet!aixsm!micks> reports on the January 15,
1992 meeting in Irvine, CA:
A study group has formed to investigate the feasibility of a
project request (PAR) for Distributed Security.
One of the major topics raised at the Distributed Services
Steering Committee (DSSC) was the problem of Security in a
Distributed environment. This issue is not addressed by the
Security working group (POSIX.6), nor any of the working
groups under the DSSC.
A meeting was scheduled for all interested parties to
discuss future directions in this area. Approximately 20
people attended and the application was made to be approved
as a Study Group. If approved, a Study Group can be funded
(from a logistics point of view) to meet for several
meetings without an official PAR in place. The group plans
to meet for an entire week next meeting cycle.
Most of the attendees were from the Security and Systems
Management groups. Several people attended for general
interest. It took the group quite some time to get rolling.
There seemed to be 2 camps: one that wanted to define a
conceptual model, identify services required, etc., and the
other that wanted to pin down the existing implementations,
choose one and tweak it where necessary.
A PAR was actually drafted in October 1991 by Data Logic on
behalf of Petr Janecek of X/Open. The PAR was not
officially submitted to the POSIX Sponsor Executive
Committee, probably due to potential lack of support and
sponsorship within the POSIX community. The draft of this
PAR was copied and distributed to the study group.
Known existing projects and organizations working similar
efforts were identified. The known models identified were
as follows:
-- Open Software Foundation's Distributed Computing Environment (DCE)
-- NIS (Sun)
-- ECMA TC46 Technical Committee on Security Framework
-- ISO 7498-2 Security Addendum covering Architectural Framework/Security Svcs
-- The Andrew File System (AFS)
-- Project Athena
-- GSSAPI - A generic security API from DEC
-- Project MAXSIX
-- DNSIX - (Mitre)
-- Netware
-- GASSP (Generally Accepted Security System Principles)
-- U.S. Government OSI Profile (GOSIP)
We decided to further the study by arranging as many
presentations as feasible from the list above for the April
meeting. The meeting agenda will be to hear the
architectural presentations on security models, and to
determine selection requirements for base documents. A
thorough evaluation will be made at the July meeting.
It is premature to assess the viability of this study group
becoming an actual POSIX committee. The initial meeting was
somewhat disorganized but in all fairness, there was little
or no advance notice of this group's meeting, hence the
attendees were unprepared. Given the sensitivity of the
subject and the obvious differences of opinions raised at
the January meeting, I don't expect that the exercise of
selecting a particular model to be used as a base document
will be trivial.
The next meeting will be held in conjunction with the next
IEEE POSIX working group meetings:
April 6-10, 1992,
The Doubletree Dallas at Lincoln Centre,
Dallas, TX.
Volume-Number: Volume 27, Number 61