[805] in Kerberos_V5_Development


[nick@usenix.org: Standards Update, POSIX.22: Computer Security Framework]

daemon@ATHENA.MIT.EDU (John T. Kohl)
Wed Feb 16 12:13:07 1994

Date: Wed, 16 Feb 1994 12:12:46 -0500
From: John T. Kohl <jtk@atria.com>
To: krbdev@MIT.EDU

Are any MIT folks involved in this, to check out how it relates to
Kerberos?

From: nick@usenix.org (Nicholas M. Stoughton)
Newsgroups: comp.std.unix
Subject: Standards Update, POSIX.22: Computer Security Framework
Date: 15 Feb 1994 09:44:40 -0800
Organization: USENIX Standards Report Editor
Reply-To: std-unix@uunet.uu.net
NNTP-Posting-Host: rodan.uu.net
X-Submissions: std-unix@uunet.uu.net

Submitted-by: nick@usenix.org (Nicholas M. Stoughton)

               USENIX Standards Report Editor

   Nicholas M. Stoughton <nick@usenix.org>, Report Editor

POSIX.22: Computer Security Framework

Randall Wayne Simons <rsimons@somnet.sandia.gov> reports on
the January 10-14, 1994 meeting in Irvine, Ca.:

The POSIX.22 committee is defining a framework for
distributed computer security.  The framework will be a
common reference model to guide members of other POSIX
committees in addressing security needs in the standards
they are defining.

This was the first POSIX meeting I have attended, and my
main impression was of heads silently bowed over clacking
keyboards as multiple laptops were simultaneously applied to
modifying a document.  David Rogers, chair of the committee,
brought a troff version of the X/Open Snapshot called the
``Distributed Security Framework''.  POSIX.22 wants to keep
the X/Open and POSIX documents in sync since both groups are
working on the same problem.  The most recent version of the
document had just been reviewed by X/Open, and there were
numerous suggestions for improvement, including many that
required some restructuring of the document.  POSIX.22 took
on this task, and simultaneously reviewed and added their
own improvements.  Different sections of the document were
handed out to each committee member who then did the
cutting, pasting, and merging.

The reorganized document starts by introducing top level
information system security concepts, terms and models.
There is a description of threats, most of which got moved
to an appendix.  More detailed models define security
architectures and characteristics of interfaces to security
services.  Finally, the individual services and interfaces
are modeled and described in detail.  Interfaces support
both management and operational functions for each of the
services.

The basic services included are: authentication, access
control, security audit and cryptographic services.  At a
higher level, domain interaction services, which combine
various basic services in a distributed environment, include
user authentication and secure association service.

After more review and revision by both X/Open and POSIX.22,
the Framework document should be ready for balloting around
July.  The balloting group should form in April, so watch
out for it.  POSIX.22 had seven people at this meeting, and
there was plenty of work to go around.  Anyone willing and
able to help develop the POSIX Computer Security Framework
would be welcome at future meetings.  In general, there is
much to be done in security for POSIX - see the report from
POSIX.6.

Volume-Number: Volume 34, Number 2
