Pascal, Regarding some of the questions that Sakis has discussed with us this morning after the Security presentation I'm afraid this e-mail I've received last week about a SAFECITY ticket in relation with Context base security was not delivered correctly to the mailing list B.R. ************************************ * Antonio García-Vázquez * * (+34) 91 214 9384 * * antonio.garcia at atosresearch.eu <mailto:antonio.garcia at atosresearch.eu> * ************************************ From: Tassos Dimitriou [mailto:tdim at ait.gr] <mailto:[mailto:tdim at ait.gr]> Sent: miércoles, 30 de mayo de 2012 13:57 To: Antonio Garcia Vazquez Cc: Athanasios Giannetsos Subject: RE: FI-WARE: SAFECITY.Epic.CommSec.Settings Co Dear Antonio, here are some clarifications prepared by Sakis Giannetsos (cc-ed), our main developer here at AIT. As you noted, the SC enabler's operation will depend on the functionalities provided by the CBSC system components. The Rule Repository component seems to provide most of the requested attributes; it can store and manage compliance security requirements and relevant specifics at various abstraction levels. Therefore, our main goal is to have the SC enabler communicate with the CBSC through this Rule Repository. Various "security profiles" (defined from our application) must be stored in the repository in order for the CBSC to be able to provide the best profile (output) according to the requirements posed by the SC enabler during this invocation (method input). However, what is unclear to us is whether this repository can hold such security profiles. From the architectural description, the rules to be stored could come from sources like laws, regulations, policies, standards, partner agreements, etc. In our case, the meaning of "security profiles" is different and concerns rules related to required level of security (depending on the context of data to be transmitted), cipher suites to be used during encryption/decryption, access privileges, etc. Thus, can such profiles be stored in the rule repository? If this is the case, can they also be compiled into a formal pattern following the USDL-SEC specifications language? Overall, our questions are: -- Can the Rule Repository component "hold" rules defined from security profiles structured with the above described way; level of security, cipher suites to be used, access privileges, etc? -- If this is the case, is the USDL-SEC language applicable to such security profiles? -- What kind of format should these profiles follow in order to be converted through the USDL-SEC language? Since there is no example in the architectural description, we can only give you an update on the kind of information that will be stored in the profiles. From our understanding, this information can be used as the basis for extracting the actual rules to be stored in the Rule Repository. Hope this helps a bit. Sakis is also planning to attend the training sessions next week. Are you, or any other colleague related to Fiware Security, also planning to attend? Best regards, Tassos ________________________________ From: Antonio Garcia Vazquez [antonio.garcia at atosresearch.eu] Sent: Tuesday, May 29, 2012 1:32 PM To: Tassos Dimitriou Subject: RE: FI-WARE: SAFECITY.Epic.CommSec.Settings Co Tassos, Sorry, I've made a mistake and copied the reference to the initial version on private security wiki. Try with the consolidated version on public: https://forge.fi-ware.eu/plugins/mediawiki/wiki/fiware/index.php/FIWARE.ArchitectureDescription.Security.Context-based_security_%26_compliance#Rule_repository <https://forge.fi-ware.eu/plugins/mediawiki/wiki/fiware/index.php/FIWARE.ArchitectureDescription.Security.Context-based_security_%26_compliance#Rule_repository> Best Regards ************************************ * Antonio García-Vázquez * * (+34) 91 214 9384 * * antonio.garcia at atosresearch.eu <mailto:antonio.garcia at atosresearch.eu> * ************************************ -----Original Message----- From: Tassos Dimitriou [mailto:tdim at ait.gr <mailto:tdim at ait.gr> ] Sent: martes, 29 de mayo de 2012 12:27 To: Antonio Garcia Vazquez Subject: RE: FI-WARE: SAFECITY.Epic.CommSec.Settings Co Hi Antonio, thanks for the reply.. Somehow I cannot access the page you suggest(https://forge.fi-ware.eu/plugins/mediawiki/wiki/fi-ware-private/index.php/FIWARE.OpenSpecification.Security.Context-based_security_%26_compliance#Rule_repository <https://forge.fi-ware.eu/plugins/mediawiki/wiki/fi-ware-private/index.php/FIWARE.OpenSpecification.Security.Context-based_security_%26_compliance#Rule_repository> ) Even when logged in, it mentions that access is restricted to administrators... "The action you have requested is limited to users in one of the groups: Administrators. " Best, Tassos ________________________________ Tassos Dimitriou Head, Algorithms & Security Athens Information Technology and Adjunct Professor Information Networking Institute Carnegie Mellon University, USA Contact Info Phone: +30 210 6682700, 2753 Email: tdim at ait.edu.gr <mailto:tdim at ait.edu.gr> Web: www.ait.edu.gr/ait_web_site/faculty/tdim/dimitriou.html <http://www.ait.edu.gr/ait_web_site/faculty/tdim/dimitriou.html> ________________________________________ From: Antonio García [antonio.garcia at atosresearch.eu] Sent: Monday, May 28, 2012 6:45 PM To: Tassos Dimitriou Subject: FI-WARE: SAFECITY.Epic.CommSec.Settings Co =?UTF-8?Q?nfiguration=20SE=20trackers?= Content-type: text/plain; charset=UTF-8 Message-Id: <20120528154519.D662248F93 at mailer.fi-ware.eu <mailto:20120528154519.D662248F93 at mailer.fi-ware.eu> > Date: Mon, 28 May 2012 17:45:19 +0200 (CEST) Hello, I'm writing in relation with the ticket you opened associated to the Epic about SAFECITY Settings Configuration SE. Ref: https://forge.fi-ware.eu/plugins/mediawiki/wiki/fiware/index.php/SAFECITY.Epic.CommSec.Settings_Configuration_SE <https://forge.fi-ware.eu/plugins/mediawiki/wiki/fiware/index.php/SAFECITY.Epic.CommSec.Settings_Configuration_SE> and https://forge.fi-ware.eu/tracker/?func=detail&aid=388&group_id=7&atid=163 <https://forge.fi-ware.eu/tracker/?func=detail&aid=388&group_id=7&atid=163> I've Included a comment on April asking for more details about how you are planning to define security profiles and I don't know if you got the notification from The Forge I've also provide you references to our rule repository component description: Ref: https://forge.fi-ware.eu/plugins/mediawiki/wiki/fi-ware-private/index.php/FIWARE.OpenSpecification.Security.Context-based_security_%26_compliance#Rule_repository <https://forge.fi-ware.eu/plugins/mediawiki/wiki/fi-ware-private/index.php/FIWARE.OpenSpecification.Security.Context-based_security_%26_compliance#Rule_repository> I believe that this functionalities could you to define different applicable security rules to be chosen by your applications. What do you think about this?; please provide us some feed-back to these questions Thanks & Best Regards Antonio García-Vázquez (antonio.garcia at atosresearch.eu <mailto:antonio.garcia at atosresearch.eu> ) ------------------------------------------------------------------ This e-mail and the documents attached are confidential and intended solely for the addressee; it may also be privileged. If you receive this e-mail in error, please notify the sender immediately and destroy it. As its integrity cannot be secured on the Internet, the Atos group liability cannot be triggered for the message content. Although the sender endeavours to maintain a computer virus-free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted. Este mensaje y los ficheros adjuntos pueden contener informacion confidencial destinada solamente a la(s) persona(s) mencionadas anteriormente pueden estar protegidos por secreto profesional. Si usted recibe este correo electronico por error, gracias por informar inmediatamente al remitente y destruir el mensaje. Al no estar asegurada la integridad de este mensaje sobre la red, Atos no se hace responsable por su contenido. Su contenido no constituye ningun compromiso para el grupo Atos, salvo ratificacion escrita por ambas partes. Aunque se esfuerza al maximo por mantener su red libre de virus, el emisor no puede garantizar nada al respecto y no sera responsable de cualesquiera danos que puedan resultar de una transmision de virus. ------------------------------------------------------------------ ------------------------------------------------------------------ This e-mail and the documents attached are confidential and intended solely for the addressee; it may also be privileged. If you receive this e-mail in error, please notify the sender immediately and destroy it. As its integrity cannot be secured on the Internet, the Atos group liability cannot be triggered for the message content. Although the sender endeavours to maintain a computer virus-free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted. Este mensaje y los ficheros adjuntos pueden contener informacion confidencial destinada solamente a la(s) persona(s) mencionadas anteriormente pueden estar protegidos por secreto profesional. Si usted recibe este correo electronico por error, gracias por informar inmediatamente al remitente y destruir el mensaje. Al no estar asegurada la integridad de este mensaje sobre la red, Atos no se hace responsable por su contenido. Su contenido no constituye ningun compromiso para el grupo Atos, salvo ratificacion escrita por ambas partes. Aunque se esfuerza al maximo por mantener su red libre de virus, el emisor no puede garantizar nada al respecto y no sera responsable de cualesquiera danos que puedan resultar de una transmision de virus. ------------------------------------------------------------------ -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://lists.fiware.org/private/old-fiware-security/attachments/20120606/d91b8352/attachment.html>
You can get more information about our cookies and privacy policies clicking on the following links: Privacy policy Cookies policy