[Nsi-wg] Security attributes

Inder Monga imonga at es.net
Thu Mar 31 02:38:08 CDT 2011


I would prefer to have the lower level security for protocol development 
purposes only, otherwise it gets selected by default in deployment. Is 
that possible while meeting the objectives of simple security?

Inder


> ------------------------------------------------------------------------
>
> 	Jerry Sobieski <mailto:jerry at nordu.net>
> March 30, 2011 10:01 AM
>
>
> I propose the following high level approach for V1:
>
> We have defined two levels of AA: "Session layer" between NSAs, and
> "Request layer" at the primitive/connection context.
>
> I pose we define a "security attributes" element that consists of:
> a) Security Type := Identifies the security mechanism this element
> provides.
> b) Security Credentials := Contains a string of security
> information to be interpreted by the mechanism specified in the Type 
> field.
>
> When initializing the NSA to NSA session, this element will authenticate
> each NSA to the other, and then each NSA will decide whether the other
> [remote] NSA is authorized to communicate with the local NSA.
>
> For any service request, the request must be authorized. The Service
> Definition will specify the set of recognized and allowable AA
> mechanisms for each network. The user request must specify one
> allowable mechanism in the service request.
>
> Initially, the NSI CS spec will require NSAs to recognize and support
> two levels of security:
> a) "simple security" consisting of a string passed to the
> authorizing agent for lookup in a flat text file,
> b) "better security" a more sophisticated AA scheme such as X509
> or the like (details TBD by someone who understands these issues in
> greater detail.)
>
> I will code this into the XSD for the Service Defs. Any comments or
> additional necessary detail, please let me know.
>
>
> Jerry
> _______________________________________________
> nsi-wg mailing list
> nsi-wg at ogf.org
> http://www.ogf.org/mailman/listinfo/nsi-wg
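
The two points raised in this message, shown as an added example that is not part of the original thread or of any NSI specification: a "security attributes" element (type plus credentials) is checked against the mechanisms the Service Definition allows, and "simple security" is accepted only when a development flag is set, so it cannot be picked by default in deployment. The mechanism names, the `name:secret` flat-file format and the `development` flag are assumptions made for illustration.

```python
import hmac

# Assumed mechanism names; the thread does not define the actual values.
SIMPLE, X509 = "simple", "x509"

# Constructed sample flat file: one "requester:secret" entry per line.
SAMPLE_FLAT_FILE = "# constructed sample entries\nnsa-a:s3cret\nnsa-b:hunter2\n"

def load_flat_file(text):
    """Parse the assumed 'name:secret' flat-file format into a dict."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, _, secret = line.partition(":")
            entries[name] = secret
    return entries

def check_simple(credentials, entries):
    """Look up the credential string; compare in constant time."""
    name, _, secret = credentials.partition(":")
    expected = entries.get(name)
    return expected is not None and hmac.compare_digest(
        secret.encode(), expected.encode())

def authorize(attrs, allowed_by_service_def, entries, development=False):
    """attrs = {'type': ..., 'credentials': ...}; returns (ok, reason)."""
    sec_type = attrs.get("type")
    if sec_type is None:
        # No silent fallback: a request without a mechanism is refused,
        # so the weaker mechanism is never selected by default.
        return False, "no mechanism specified"
    if sec_type not in allowed_by_service_def:
        return False, "mechanism not allowed by service definition"
    if sec_type == SIMPLE:
        if not development:
            return False, "simple security is development-only"
        ok = check_simple(attrs.get("credentials", ""), entries)
        return ok, ("ok" if ok else "bad credentials")
    # "Better security" (X509 or similar) is left TBD in the thread,
    # so this example refuses it rather than pretending to verify it.
    return False, "mechanism not implemented in this example"
```
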