PCLS Security Considerations

1
PCLS Security Considerations Policy Framework
WG49th IETF, San Diego
Ed Ellesson, ellesson_at_tivoli.com
2
PCLS Security Considerations

• Background (developing with Security Area)
• PCIM passed to Proposed Standard with a security
  section pointing to subsequent docs for details
• PCLS is the instantiable mapping of PCIM to an
  ldap-accessible directory representation.
• Other docs will subclass PCIM to QOS, IPsec and
  other domains.
• Still other docs will map these subclassed models
  to directory representations.
• Issue What sec. considerations go into PCLS?
• ldap-specific considerations?
• Common mapping considerations?

3
PCLS Security Section Outline (1)

• General
• Pointer to PCIM
• Add pointer to LDAP security docs? (RFC 2829,
  2830)
• Services and mechanisms, but not the wire
• Users
• Pointer to PCIM, except there is nothing specific
  to service users there.
• Cant really say anything about end users,since
  dependent on application domainqos, ipsec
• Add Policy Servers (PDPs) as users of schema?
• Administrators (Leave this to subsequent docs?)
• Administrators of schema
• Administrators of schema content (instances)

4
PCLS Security Section Outline (2)

• Some Service Topics in PCLS
• Audit Trail Functionality
• Access Control/Authorization
• Authentication
• Integrity/Privacy
• Denial of Service
• Or should they go in the individual domain
  specific mapping documents
• QPIM and QDDIM mapping docs
• IPSP mapping doc
• Work in parallel with domain-specific mapping
  docs