Check this out. Clipper inside the Apple get you bothered? How about Clipper inside all UNICES ? (all POSICES) Sorry if this is a repeat for folks.. - Carl Date: Mon, 30 Aug 1993 10:03:00 EDT Reply-To: TC11-I IFIP TC11 Global information <TC11-I@HEARN.nic.SURFnet.nl> Sender: TC11-I IFIP TC11 Global information <TC11-I@HEARN.nic.SURFnet.nl> From: Ambuel@DOCKMASTER.NCSC.MIL Subject: Call for Participation - POSIX Security Group X-To: tc11-i@HEARN.NIC.SURFNET.NL X-Cc: smaha@DOCKMASTER.NCSC.MIL, snapp@DOCKMASTER.NCSC.MIL, emery@D74SUN.MITRE.ORG, tsig@WDL1.WDL.LORAL.COM, wbr@MITRE.ORG, chang@ST1.NCSL.NIST.GIV, p1003.6@PERCH.NOSC.MIL, p1003.22@PERCH.NOSC.MIL, tc11@CIPHER.NL To: Multiple recipients of list TC11-I <TC11-I@HEARN.nic.SURFnet.nl> Status: RO _____________________________________________ Call for Participation The POSIX security working group will be concentrating on several new areas of security functionality at the October 18 meeting in Bethesda, Maryland. The group believes that these areas must be completed in order for the defined interfaces in P1003.6.1 and P1003.6.2 to be fully useful. These new areas include: Identification and Authentication Services Portable Data Formats Cryptographic Services Administrative Services Identification and Authentication Services POSIX 1003.1 and 1003.2 provide little functionality in the areas of identification and authentication. The security working group believes that services for identifying users and authenticating those identities is essential for protecting resources within a system. One proposal, from ICL, has been received to date on this subject. It will be distributed in the POSIX mailing and will be discussed at the October meeting. In addition, distributed issues of identification and authentication will be discussed so that a resulting standard will accommodate distributed identification and authentication technology. Any additional proposals for identification and authentication services will also be entertained. Portable Data Formats POSIX 1003.6.1 has defined several interfaces to create and manipulate security-related data items - access control lists, labels, capabilities, and audit records. However, the data items are not described to the level of detail necessary to use them in a portable way. For true application portability the format of these data items must be known. One proposal has been received, from Haystack Laboratories, for a common audit trail interchange format. This proposal will be included in the POSIX mailing and will be discussed at the October meeting. Any additional proposals for portable data formats will also be entertained. Cryptographic Services One proposal has been received, form NIST, which outlines interfaces for several areas of cryptographic services: user cryptographic database management, secret key cryptography services, and public key cryptography services. The secret key services include encryption and data integrity, as well as key management. The public key services include encryption and digital signatures, as well as key management. The proposal will be included in the POSIX mailing and will be discussed at the October meeting. Another proposal may be submitted by the October meeting and will also be discussed. Any additional proposals for crytpographic services will also be entertained. Administrative Services The security working group met with the administrative services working group (P1003.7) to discuss what interfaces and utilities need to be defined to provide portable application writers with a standard method for administering security-related data items. The original scope of P1003.6 excluded this functionality because P1003.1 and P1003.2 excluded this functionality. However, these utilites and functions are essential for application writers to provide truly portable applications. Any proposals in this areas are encouraged and will be discussed at the October meeting. Proposals in these, or other, security-related areas are welcome and can be mailed to the chair for enclosure in the POSIX mailing and the agenda for the meeting. This will allow members of the working group to review the proposal and be prepared for discussion at the meeting. Proposals will also be accepted at the meeting, but only in written form. This makes it more likely that a proposal has been thought out and keeps discussion focused on a tangible document. In order to plan for the agenda for the working group meeting, please forward your name, email address, area of interest, and expected duration that you will be at the Bethesda meeting. Addresses for the chair are listed below. The hope is that a large group will be available for discussion all week, but sometimes that is not quite reality. If you can only attend a few days, or would like to present something on a specific day, please provide that inforamtion and the agenda will be created accordingly. Questions and written proposals can be sent to the chair in any of the following ways: U.S. Mail: Lynne Ambuel Attn: I94 Department of Defense Fort G.G. Meade, MD 20755-6000 Internet: Ambuel @ dockmaster.ncsc.mil FAX: (410) 850-7166