[Fiware-i2nd] R: FI-WARE: Review of Architecture and Open Specifications of Security Chapter

Garino Pierangelo pierangelo.garino at telecomitalia.it
Thu Sep 13 08:35:35 CEST 2012


Dear Daniel,
thanks for your feedback.
I will try to explain the comment which was not clear: my point was rather basic, i.e. are there functionalities in the Context-based Security architecture that might be provided by other FI-WARE GEs, if this makes any sense? This concerns the presence in the Data chapter of the PubSub (Context) Broker GE and others, so I wonder if the latter can be exploited in your GE to manage context information; that would be beneficial to show integration of GEs in the overall FI-WARE architecture.

I take the opportunity of this reply to point out there is still a typo in the same wiki page at the line below ('Example Scenarios' section); it looks like some part of the sentence is missing:

As employees private data are shared and each of the subsidiaries is located in a different the communications links must be compliant with different Data Protection regulations.


Best Regards
Pier




From: GIDOIN Daniel [mailto:daniel.gidoin at thalesgroup.com]
Sent: Wednesday, 12 September 2012 09:39
To: Garino Pierangelo
Cc: BISSON Pascal; MUSARAJ Kreshnik; Juanjo Hierro; fiware-security at lists.fi-ware.eu; GASPARD Lucie
Subject: FI-WARE: Review of Architecture and Open Specifications of Security Chapter

Dear Pierangelo,

Please find below our answer to your comments on the Security chapter:

Architecture:

·         Introduction:

1.       Comments 1 & 2: wording and example modified (TS)

·         Architecture Overview:

1.       Comment 3: sentence clarified;

2.       Comment 4: increasing readability (TS)

·         Security monitoring:

1.       Comment 5: very global rewriting of the page by TS;

2.       Comment 6: justification of the Security Monitoring approach with regard to ISO 27000 standard;

3.       Comment 7: architecture clarified (i.e. origin of inputs)

·         Fuzzer:

1.       Comments 8 & 11: taken into account in the wiki page  (INRIA)

·         Countermeasures:

1.       Comment 9: taken into account by TCS

·         Visualization:

1.       Comment 10: review comment fixed by TRT

·         Context-based security & compliance (ATOS):

1.       Comment 12: Chapter wording has been revised

2.       Comment 13: Disclaimer wording revised

3.       Comment 14: wording revised

4.       Comment 15: As rule manager was part of our proposed (and not selected) EPICS for the second Open Call their features are still pending

5.       Comment 16: Wording revised

6.       Comment 17: Wording revised

7.       Comment 18: "Chapter" has been used instead of WP3.

8.       Comment 19: No changes at this moment, see answer to comment 15.

However we have still pending actions to this one:


FIWARE.ArchitectureDescription.Security.Context-based security & compliance <https://forge.fi-ware.eu/plugins/mediawiki/wiki/fiware/index.php/FIWARE.ArchitectureDescription.Security.Context-based_security_%26_compliance>


Pier  Garino


General comment to this page: The context-aware capabilities mentioned in the name of this GE call for some explanation about possible interactions (or about impossibility to have interactions) with context/data Management chapter (e.g.: aren't there GEs which might be exploited in the architecture of the Context-based security & compliance GE?). This should help dissipating some doubts which might arise in readers and adopters of FI-WARE architecture.


We do not understand this comment. Would it be possible for Pierangelo Garino to provide more details about it?


·         USDL-SEC  (SAP)

1.       Comments 32, 33, 34
SAP: all comments have been addressed. However, some comments on USDL-SEC specification are probably incorrect, as Juanjo in one of his past emails wrote that no Open Specification template was provided for non-software products, which is the case.



·         Data Handling (SAP)

1.       Comments 21 to 30: all comments have been addressed


·         Identity Management (DT)

1.       All comments addressed


·         Optional security enablers

1.       Comment 31 addressed

Open Specifications:

·         Security Monitoring / Mulval Attack Path Engine

1.       Comment 35 addressed: rewriting of the page


·         Security monitoring / OSSIM-SIEM  (ATOS)

1.       Page wording has been revised in order to make clear that Atos tasks will be:

2.       Configure OSSIM according to FI-WARE monitoring GE needs

3.       Develop an advanced service level SIEM component on top of OSSIM. This advanced SIEM is going to be delivered in future releases of the security monitoring GE

·         SSS (TCS)

1.       Comments addressed

·         Identity Management (DT)

1.        Comments addressed

·         DB Anonymizer (SAP)

1.       Comments addressed

·         Data handling (SAP)

1.       Comments addressed

Best regards

Daniel