[Fiware-security] TR: Fi-ware security GE - Review

GIDOIN Daniel daniel.gidoin at thalesgroup.com
Tue Jul 12 09:53:39 CEST 2011


Dear All,

I apologize.
By mistake, I've not relayed this message.

Daniel

From: GIDOIN Daniel
Sent: Monday, 11 July 2011 14:59
To: 'Horst.Stein at telekom.de'; fiware-apps at lists.fi-ware.eu
Cc: fiware-apps at lists.fi-ware.eu; BISSON Pascal
Subject: RE: Fi-ware security GE - Review

Dear Horst,

Thanks a lot for your very excellent comments.
Please find below further information on the security monitoring topic.

Security Monitoring Enabler
It is not clear which interfaces to services and composition environments are needed for the monitoring.
The Monitoring Security Enabler will exploit the security events logged by the services (i.e. non-authorized access attempts, service disabling, denial of service attempts...).

process. Infos provided on pg 7 are very general: Firewalls, Intrusion Detection Systems, Security and Event Managers, ... wireless events agents ...
Yes, this list is delivered as an example. It must be developed.

Especially business risk impact evaluation sounds interesting, but it is not part of the figure 3 and not clear how a relationship with a real business application produced e.g. by our composition tools could be realised.
Risk analysis includes the business risk impact. Of course, it's not easy to evaluate the business impact without mentioning an urbanization map or complex business processes, but it is probably possible to identify critical services and sensitive data and to establish some priorities and adapted countermeasures.

At this level of description it's unclear how e.g. a sql intrusion attack on application level is monitored or the business risk is evaluated.
In the context of SaaS, many applications (i.e. ERP, DB...) log security events. We will exploit them to detect an intrusion.

Please let me know if you need any further information.

Best regards

Daniel

From: fiware-apps-bounces at lists.fi-ware.eu [mailto:fiware-apps-bounces at lists.fi-ware.eu] On behalf of Horst.Stein at telekom.de
Sent: Friday, 8 July 2011 15:14
To: fiware-apps at lists.fi-ware.eu
Subject: [Fiware-apps] Fi-ware security GE - Review

Hi Andreas and all,

Here are some comments on the Security chapter with respect to WP3 issues:

Security Monitoring Enabler
It is not clear which interfaces to services and composition environments are needed for the monitoring
process. Infos provided on pg 7 are very general: Firewalls, Intrusion Detection Systems, Security and Event Managers, ... wireless events agents ...
Especially business risk impact evaluation sounds interesting, but it is not part of the figure 3 and not clear how a relationship with a real business application produced e.g. by our composition tools could be realised.
At this level of description it's unclear how e.g. a sql intrusion attack on application level is monitored or the business risk is evaluated.

Identity Management
Are there also some group functionalities or are there only single identities for users and things?

PPL Engine
Is there an own graphical user interface for the end user to control his attributes? What are the interfaces to applications or services?

Context-based security and compliance
Not clear if this is related to WP3: Is it a filter of security enablers (which one?) to fit with "very specific regulatory constraints" and monitoring of system performance? If this is a USDL extension, what is the influence on applications which are described in USDL and consumed via the marketplace?

Optional security service enabler
Not understood, is it an extension of USDL with security features (see above)? "The goal is to make easily extendible the security service description for customized services. This functionality will encourage all developers to define and describe their own services through the USDL standard by adding new functionalities .." pg18
Are there any relations to applications and composition tools, what are the effects on applications or user security?

Best regards and nice weekend
Horst


________________________________________________
Deutsche Telekom AG
Laboratories
Dr. Horst Stein
Winterfeldtstrasse 21, D-10781 Berlin
+49 30 835358637 (Tel)
+49 391 53477987
+49 1605326264 (Mobile)
http://www.laboratories.telekom.com
E-Mail: horst.stein at telekom.de

Erleben, was verbindet.

Deutsche Telekom AG
Supervisory Board: Prof. Dr. Ulrich Lehner (Chairman)
Board of Management: René Obermann (Chairman),
Hamid Akhavan, Dr. Manfred Balz, Reinhard Clemens, Niek Jan van Damme,
Timotheus Höttges, Guido Kerkhoff, Thomas Sattelberger
Commercial register: Amtsgericht Bonn HRB 6794
Registered office: Bonn
WEEE Reg. No. DE50478376


