[Fiware-security] FI-WARE - Audio conf of today

Olivier Festor Olivier.Festor at inria.fr
Tue Jul 12 16:04:19 CEST 2011


Dear Pascal

Please find below my comments on the Security chapter. I had to take a day off yesterday and am traveling today, thus the delay. For the current version of the security part, the comments are minor. However, the varying level of maturity and details of the different enablers envisioned in the Security WP may become a concern in the next iteration. As an example, the Identity management part is already well advanced while the security monitoring GE is functionally richer but also much more abstract at this stage and may be very difficult to link to actual applications (I'll come to this point later on in the detailed document analysis).

Section 3.1 : Overview - 

Overall OK section, although the threat in the 5th paragraph is centered on "Cyber Terrorism" and "Weapons of mass disruption". While these threats are highly relevant, I believe that as a Service platform, fiware should on the security part equally cover and mention more common threats, like toll-fraud, impersonation, service hijacking, ...
The chapter identifies 4 Core modules : Monitoring Mechanisms, Identity and Privacy, Context-based Security and compliance, and discoverable optional generic enablers, while in the chapter, (section 3.2), 6 Core elements are presented. To unite the descriptions, either group (3.2.2, 3.2.3 and 3.2.4) or split in the Overview, Identity and Privacy.


Section 3.2 : Security Monitoring - 

The functional blocks of the overall architecture are sound and generic. 
According to the description, the monitoring Generic Enabler also includes the counter-measures and decision making (Figure 3). However, no interface to actually push the configurations to the devices to activate the counter-measures is provided on the schema.
The next step for this Generic Enabler is probably to instantiate the interfaces among the different blocks. In this context, what is foreseen (if any) as configuration interfaces? I doubt that Fiware can enforce a single one covering the whole scope from sensors/actuators to map-reduce cloud services.

-Normalization of Heterogeneous Events and Correlation

The document advocates the foreseen benefit of "Tag-based AI algorithms for event correlation". In this section, at least a couple of bibliographic references to these "Tag-based AI algorithms" should be provided, especially references assessing this superiority.

Section 3.3 : Identity Management -

Overall OK. However, reading this section raised the question in my mind of whether Fi-ware has a generic enabler addressing accounting?

Section 3.3 : Context 

Several typos in the text + Figure 8 has a typo (Framework)


Regarding Optional Generic Enabler, I was surprised not to see our proposal on smartphone-based flow-monitoring there. Is it part of the whole full Generic Enabler?

In general, Monitoring and Context-based security are described at a much higher level than Identity management components where the actual technologies and solutions are already mentioned. This is the case on the monitoring framework only for the OVAL part which is well identified.

That's all for this document. Again, sorry for the 24-hour delay in delivery. I cannot attend any audio-conference since I am traveling through Germany today.

Best Regards

/Olivier Festor
INRIA

On Jul 8, 2011, at 10:24 AM, BISSON Pascal wrote:

> Dear All,
>  
> As per audio conf of today here is the link of the Security chapter with comments we got and need to address. Please have a look and provide your input (if any) to answer these comments (at least the ones relevant to you and input).
>  
>  
> https://forge.fi-ware.eu/docman/view.php/7/190/FI-WARE+High-Level+Description+-+Security+chapter+-+v1.0.doc
>  
>  
> This as soon as possible (preferably by Monday before 10am)
>  
> Regards,
>  
> Pascal
> _______________________________________________
> Fiware-security mailing list
> Fiware-security at lists.fi-ware.eu
> http://lists.fi-ware.eu/listinfo/fiware-security
