Dear All, Here are the comments we got from the peer-review of our Security chapter which was performed by WP3 (Horst Stein/DT) In view of the comments I would ask each of the Task leaders and/or GE enablers to which they are targeted to provide me with their answer in order to interact with them and elaborate shared and agreed answer we can give (this including some redrafting which might be needed to clarify things and so improve overall quality of our Chapter) Useless to say any of you is more than welcome to contribute/participate to the answers to be given here. So hearing from the task leads and you all to improve our Security chapter in view of the comments raised by WP3 reviewer. Best Regards, Pascal De : fiware-apps-bounces at lists.fi-ware.eu [mailto:fiware-apps-bounces at lists.fi-ware.eu] De la part de Horst.Stein at telekom.de Envoyé : vendredi 8 juillet 2011 15:14 À : fiware-apps at lists.fi-ware.eu Objet : [Fiware-apps] Fi-ware security GE - Review Hi Andreas and all, Here are some comments on the Security chapter with respect to WP3 issues: Security Monitoring Enabler It is not clear which interfaces to services and composition environments are needed for the monitoring process. Infos provided on pg 7 are very general: Firewalls, Intrusion Detection Systems, Security and Event Managers, ... wireless events agents ... Especially business risk impact evaluation sounds interesting, but it is not part of the figure 3 and not clear how a relationship with a real business application produced e.g. by our composition tools could be realised. At this level of description it's unclear how e.g. a sql intrusion attack on application level is monitored or the business risk is evaluated. Identity Management Are there also some group functionalities or are there only single identities for users and things? PPL Engine Is there an own grafical user interface for the end user to control his attributes? What are the interfaces to applications or services? Context-based security and compliance Not clear if this is related to WP3: Is it filter of security enablers (which one?) to fit with "very specific regulatory constraints" and monitoring of system performance? If this is an USDL extension, what is the influence on applications which are described in USDL and consumed via the marketplace? Optional security service enabler Not understood, is it an extension of USDL with security features (see above)? "The goal is to make easily extendible the security service description for customized services. This functionality will encourage all developers to define and describe their won services through the USDL standard by adding new functionalities .." pg18 Are there any relations to applications and composition tools, what are the effects on applications or user security? Best regards and nice weekend Horst ________________________________________________ Deutsche Telekom AG Laboratories Dr. Horst Stein Winterfeldtstrasse 21, D-10781 Berlin +49 30 835358637 (Tel) +49 391 53477987 +49 1605326264 (Mobil) http://www.laboratories.telekom.com E-Mail: horst.stein at telekom.de<mailto:horst.stein at telekom.de> Erleben, was verbindet. Deutsche Telekom AG Aufsichtsrat: Prof. Dr. Ulrich Lehner (Vorsitzender) Vorstand: René Obermann (Vorsitzender), Hamid Akhavan, Dr. Manfred Balz, Reinhard Clemens, Niek Jan van Damme, Timotheus Höttges, Guido Kerkhoff, Thomas Sattelberger Handelsregister: Amtsgericht Bonn HRB 6794 Sitz der Gesellschaft: Bonn WEEE-Reg.-Nr. DE50478376 -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://lists.fiware.org/private/old-fiware-security/attachments/20110708/6ae46f08/attachment.html> -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: ATT00001.txt URL: <https://lists.fiware.org/private/old-fiware-security/attachments/20110708/6ae46f08/attachment.txt>
You can get more information about our cookies and privacy policies clicking on the following links: Privacy policy Cookies policy