Dear All, My comments about Context-based security and compliance : 1) Not clear if this is related to WP3: There is no relation with WP3, but the extension of the USDL protocol which is also used by WP3. I think this point is clear enough in our text. Perhaps we could change this paragraph: “Extend standard USDL 3.0 by implementing a new module security oriented where security specifications may be referred to existing standards like WS-SecurityPolicy and even management to Common Base Event” Into this one: “· Define a USDL-Sec protocol as a new module security oriented extension of standard USDL 3.0 where security specifications may be referred to existing standards like WS-SecurityPolicy and even management to Common Base Event” To be more specific. 2) Is it filter of security enablers (which one?) to fit with "very specific regulatory constraints" and monitoring of system performance? I think we are clear enough in next paragraph: “The GE will accept security request from a client application and will select the best Optional Security Enabler to fulfil it.” 3) If this is an USDL extension, what is the influence on applications which are described in USDL and consumed via the marketplace? The relationship between USDL-SEC and USDL will be the same as the already implemented relationship between existing USDL modules (see http://www.internet-of-services.com/index.php?id=570&L=0) On the other hand I’m agree with Stein. As USDL-SEC will be an extension of USDL ; the optional security GE market could be defined as an extension of the serviced market they are defining in WP3. So some kind of interaction in this field could be needed I also send a Word version with the modifications implemented Best Regards ************************************ * Antonio García Vázquez * * (+34) 91 214 9384 * * antonio.garcia at atosresearch.eu * ************************************ From: fiware-security-bounces at lists.fi-ware.eu [mailto:fiware-security-bounces at lists.fi-ware.eu] On Behalf Of BISSON Pascal Sent: viernes, 08 de julio de 2011 16:55 To: Fiware-Security (fiware-security at lists.fi-ware.eu) Subject: [Fiware-security] TR: Fi-ware security GE - Review Dear All, Here are the comments we got from the peer-review of our Security chapter which was performed by WP3 (Horst Stein/DT) In view of the comments I would ask each of the Task leaders and/or GE enablers to which they are targeted to provide me with their answer in order to interact with them and elaborate shared and agreed answer we can give (this including some redrafting which might be needed to clarify things and so improve overall quality of our Chapter) Useless to say any of you is more than welcome to contribute/participate to the answers to be given here. So hearing from the task leads and you all to improve our Security chapter in view of the comments raised by WP3 reviewer. Best Regards, Pascal De : fiware-apps-bounces at lists.fi-ware.eu [mailto:fiware-apps-bounces at lists.fi-ware.eu] De la part de Horst.Stein at telekom.de Envoyé : vendredi 8 juillet 2011 15:14 À : fiware-apps at lists.fi-ware.eu Objet : [Fiware-apps] Fi-ware security GE - Review Hi Andreas and all, Here are some comments on the Security chapter with respect to WP3 issues: Security Monitoring Enabler It is not clear which interfaces to services and composition environments are needed for the monitoring process. Infos provided on pg 7 are very general: Firewalls, Intrusion Detection Systems, Security and Event Managers, … wireless events agents … Especially business risk impact evaluation sounds interesting, but it is not part of the figure 3 and not clear how a relationship with a real business application produced e.g. by our composition tools could be realised. At this level of description it's unclear how e.g. a sql intrusion attack on application level is monitored or the business risk is evaluated. Identity Management Are there also some group functionalities or are there only single identities for users and things? PPL Engine Is there an own grafical user interface for the end user to control his attributes? What are the interfaces to applications or services? Context-based security and compliance Not clear if this is related to WP3: Is it filter of security enablers (which one?) to fit with "very specific regulatory constraints" and monitoring of system performance? If this is an USDL extension, what is the influence on applications which are described in USDL and consumed via the marketplace? Optional security service enabler Not understood, is it an extension of USDL with security features (see above)? "The goal is to make easily extendible the security service description for customized services. This functionality will encourage all developers to define and describe their won services through the USDL standard by adding new functionalities .." pg18 Are there any relations to applications and composition tools, what are the effects on applications or user security? Best regards and nice weekend Horst ________________________________________________ Deutsche Telekom AG Laboratories Dr. Horst Stein Winterfeldtstrasse 21, D-10781 Berlin +49 30 835358637 (Tel) +49 391 53477987 +49 1605326264 (Mobil) http://www.laboratories.telekom.com E-Mail: horst.stein at telekom.de Erleben, was verbindet. Deutsche Telekom AG Aufsichtsrat: Prof. Dr. Ulrich Lehner (Vorsitzender) Vorstand: René Obermann (Vorsitzender), Hamid Akhavan, Dr. Manfred Balz, Reinhard Clemens, Niek Jan van Damme, Timotheus Höttges, Guido Kerkhoff, Thomas Sattelberger Handelsregister: Amtsgericht Bonn HRB 6794 Sitz der Gesellschaft: Bonn WEEE-Reg.-Nr. DE50478376 ------------------------------------------------------------------ This e-mail and the documents attached are confidential and intended solely for the addressee; it may also be privileged. If you receive this e-mail in error, please notify the sender immediately and destroy it. As its integrity cannot be secured on the Internet, the Atos group liability cannot be triggered for the message content. Although the sender endeavours to maintain a computer virus-free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted. Este mensaje y los ficheros adjuntos pueden contener informacion confidencial destinada solamente a la(s) persona(s) mencionadas anteriormente pueden estar protegidos por secreto profesional. Si usted recibe este correo electronico por error, gracias por informar inmediatamente al remitente y destruir el mensaje. Al no estar asegurada la integridad de este mensaje sobre la red, Atos no se hace responsable por su contenido. Su contenido no constituye ningun compromiso para el grupo Atos, salvo ratificacion escrita por ambas partes. Aunque se esfuerza al maximo por mantener su red libre de virus, el emisor no puede garantizar nada al respecto y no sera responsable de cualesquiera danos que puedan resultar de una transmision de virus. ------------------------------------------------------------------ -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://lists.fiware.org/private/old-fiware-security/attachments/20110712/4cfb848b/attachment.html> -------------- next part -------------- A non-text attachment was scrubbed... Name: FI-WARE High-Level Description Security v2.1 11-06-22 valid until 11-07-05(Atos Rev).doc Type: application/msword Size: 1497600 bytes Desc: FI-WARE High-Level Description Security v2.1 11-06-22 valid until 11-07-05(Atos Rev).doc URL: <https://lists.fiware.org/private/old-fiware-security/attachments/20110712/4cfb848b/attachment.doc>
You can get more information about our cookies and privacy policies clicking on the following links: Privacy policy Cookies policy