Presentation is loading. Please wait.

Presentation is loading. Please wait.

1Copyright © 2011, Printer Working Group. All rights reserved. PWG -Imaging Device Security (IDS) Working Group February 3, 2011 Wailea-Makena, HI PWG.

Published byNatalie Gardner Modified over 10 years ago

Similar presentations

Presentation on theme: "1Copyright © 2011, Printer Working Group. All rights reserved. PWG -Imaging Device Security (IDS) Working Group February 3, 2011 Wailea-Makena, HI PWG."— Presentation transcript:

1 1Copyright © 2011, Printer Working Group. All rights reserved. PWG -Imaging Device Security (IDS) Working Group February 3, 2011 Wailea-Makena, HI PWG F2F Meeting Joe Murdock (Sharp) Brian Smithson (Ricoh)

2 2Copyright © 2011, Printer Working Group. All rights reserved. Agenda 11:15 – 11:20Administrative Tasks 11:20 – 11:30Review action items 11:30 – 12:00 MPSA Survey and Article 12:00 – 13:00Lunch 13:00 – 13:15Document Status 13:15 – 13:45System Logging 13:45 – 14:30Common Criteria Evaluation 14:30 – 15:00Identification, Authentication and Authorization 15:00 – 15:15Break 15:15 – 15:45IDS Security Ticket 15:45 – 16:00Wrap up and adjournment

3 3Copyright © 2011, Printer Working Group. All rights reserved. Administrative Tasks Select minute-taker Introductions IP policy statement: This meeting is conducted under the rules of the PWG IP policy If you dont agree, Surfs up or snorkels down! Approve Minutes from January 27 conference Call

4 4Copyright © 2011, Printer Working Group. All rights reserved. IDS WG Officers IDS WG Chairs Joe Murdock (Sharp) Brian Smithson (Ricoh) IDS WG Secretary: Brian Smithson (Ricoh) IDS WG Document Editors: HCD-ATR: Jerry Thrasher (Lexmark) HCD-NAP: Joe Murdock (Sharp), Brian Smithson (Ricoh) HCD-TNC: Ira McDonald (Samsung), Jerry Thrasher (Lexmark), Brian Smithson (Ricoh) HCD-Remediation: Joe Murdock (Sharp) HCD-NAP-SCCM: Joe Murdock (Sharp) HCD-Log: Mike Sweet (Apple) IDS-IAA: Joe Murdock (Sharp) IDS-CR: Ira McDonald, Joe Murdock, Ron Nevo

5 5Copyright © 2011, Printer Working Group. All rights reserved. Action Items Action Item # Entry dateAssigneeTypeActionStatusDisposition 3312/10/2009Randy TurnerSHVRandy Turner will contact Symantec (when appropriate) to encourage discussion with the PWG about a SHV. Ron Nevo will take this task. 3412/10/2009Randy TurnerRemediationRandy Turner will investigate Symantecs products and their method(s) to remediate noncompliant endpoints. Symantec wants an NDA, but PWG cannot do an NDA.. Ron nevo will take over this task. Need to indicate to Symantec that we really wdon;t need too much proprietary information from them, but want to give them our information. Can we get Symantec to attend the April meeting in Cupertino? 443/11/2010Jerry Thrasher Ira McDonald Brian Smithson NEA BindingTCG TNC Binding document Make it a TCG document, not an IETF NEA document 586/11/2010Joe Murdock and Ira McDonald SCCMCreate a first draft SCCM binding spec based on the NAP binding spec HOn hold due to priorities. 6610/20/2010Brian Smithson Joe Murdock Ira McDonald adminCreate a project charter for creating IEEE 2600.1 Supporting Documents With no requirements specification. Wait for NIAP guidance in mid to late January. 6710/28/2010Joe Murdock Ira McDonald authWrite HCD-Authentication-and-Authorization-Framework specificationP direction is not "recommendations only", it is "requirements and recommendations" (pointing to existing standards) because there will be a conformance section 6912/2/2010Michael Sweet log formatWrite HCD Logging specificationP New draft Feb 2011 7012/9/2010Brian Smithson adminMake arrangements for F2F meeting with NIAP/other schemes at Ricoh SF during RSA week 7112/9/2010Joe MurdockATRpropose by email a multivalued attribute for log location (a URI) to be added to HCD-ATR 7312/9/2010Joe Murdock Ira McDonald Ron Nevo reqts specstart an IDS common requirements spec to include out-of-scope and terminology sections Base on new PWG template 751/13/2011Joe Murdock Ira McDonald Bill Wagner MPSAMPSA Security articlePAlso a WIMS action item

6 6Copyright © 2011, Printer Working Group. All rights reserved. MPSA Articles and Survey Continued from WIMS Will we have new result data?

7 7Copyright © 2011, Printer Working Group. All rights reserved. Document Status HCD-Assessment-Attributes ftp://ftp.pwg.org/pub/pwg/ids/wd/wd-idsattributes10-20110127.pdf Stable (needs a binding prototype) Latest version fixed a simple typo HCD-NAP Binding ftp://ftp.pwg.org/pub/pwg/ids/wd/wd-ids-napsoh10-20100930.pdf Stable HCD-TNC Binding Initial Draft still under development HCD-NAC Business Case White Paper ftp://ftp.pwg.org/pub/pwg/ids/white/tb-ids-hcd-nac-business-case- 20100422.pdf Final

8 8Copyright © 2011, Printer Working Group. All rights reserved. Document Status HCD-Remediation ftp://ftp.pwg.org/pub/pwg/ids/wd/wd-ids-remediation10-20100930.pdf Initial Draft HCD-NAP-SCCM Binding Specification on hold HCD-CLF ftp://ftp.pwg.org/pub/pwg/ids/wd/wd-ids-log10-20110126.pdf Draft IDS-Identification-Authentication-Authorization Mind Map: ftp://ftp.pwg.org/pub/pwg/ids/white/ids-iaa-framework-20110202.xmind Specification: ftp://ftp.pwg.org/pub/pwg/ids/wd/wd-ids-iaa10-20101202.pdf ftp://ftp.pwg.org/pub/pwg/ids/wd/wd-ids-iaa10-20101202.docx IDS-CR

9 9Copyright © 2011, Printer Working Group. All rights reserved. HCD Common Log System Log IDS Attribute Document Review ftp://ftp.pwg.org/pub/pwg/ids/wd/wd-ids-log10-20110126-rev.pdf HCD Health Assessment Attribute Name (DataType) Description HCD_SysLog_URI(string) The HCD_SysLog_URI attribute is a variable length string that specifies the location(s) where the HCD's system log is to be stored. Locations are provided as a URI and MUST conform to RFC 2396. When multiple locations are provided, the log is to be written to locations in the order indicated by the list, starting with the first provided location. If no explicate HCD_SysLog_URI locations have been defined by a system administrator, the system default internal log location MUST be returned.

10 10Copyright © 2011, Printer Working Group. All rights reserved. Common Criteria NIAP CC Status Common Criteria Support Documents Project Charter ftp://ftp.pwg.org/pub/pwg/ids/wd/wd-ids2600sd-charter- 20110202.pdfftp://ftp.pwg.org/pub/pwg/ids/wd/wd-ids2600sd-charter- 20110202.pdf

11 IDS IAA Mindmap file: ftp://ftp.pwg.org/pub/pwg/ids/white/ids-iaa-framework- 20110202.xmindftp://ftp.pwg.org/pub/pwg/ids/white/ids-iaa-framework- 20110202.xmind Identification, Authentication, Authorization Specification outline ftp://ftp.pwg.org/pub/pwg/ids/wd/wd-ids-iaa10-20110202.pdf ftp://ftp.pwg.org/pub/pwg/ids/wd/wd-ids-iaa10-20110202.docx Copyright © 2011, Printer Working Group. All rights reserved.

12 12Copyright © 2011, Printer Working Group. All rights reserved. Identification Framework

13 13Copyright © 2011, Printer Working Group. All rights reserved. Authentication Framework

14 14Copyright © 2011, Printer Working Group. All rights reserved. Authorization Framework

15 15Copyright © 2011, Printer Working Group. All rights reserved. Security Ticket Review XML Schema Element ftp://ftp.pwg.org/pub/pwg/ids/white/ids-security-20110202.xsd

16 16Copyright © 2011, Printer Working Group. All rights reserved. Security Ticket How does a device or service advertise its supported security capabilities? Add a supported security element to the security ticket? Overload of xxxSecurity or a A separate element in the system or service capabilities? In the semantic model, the system object would provide all supported methods, while each service (system, print, etc.) would list only those used by the service. Add required physical hardware security requirements (e.g. dont save data to disk, encrypted disk, etc.) to security information?

17 17Copyright © 2011, Printer Working Group. All rights reserved. Cloud Consideration in the Security Ticket How does the printer advertise it's public key? Do we add public key to the identity element? How best to pass the public key through a cloud manage/provider directly to the user? Need to consider what to encrypt In a cloud environment, want to provide end-to-end encryption of job data, but the job ticket (or at least the security ticket) need to be readable by the cloud print provider and manager so they can match security requirements between the user, devices and services. Cloud Job privacy How to avoid tracking of a job or partial interception. Provide a way to explicitly hide job origination information? (wikileaks type of use case) Runs contrary to the IDS logging assumptions, but is this appropriate for the cloud use model?

18 18Copyright © 2011, Printer Working Group. All rights reserved. Wrap up Review of new action items and open issues Conference call / F2F schedule Next Conference call February 24, 2011 Adjournment

Download ppt "1Copyright © 2011, Printer Working Group. All rights reserved. PWG -Imaging Device Security (IDS) Working Group February 3, 2011 Wailea-Makena, HI PWG."

Similar presentations

Printer Working Group Face-to-Face Meeting December 8, 2010

Printer Working Group Face-to-Face Meeting December 8, 2010
Task Group Chairman and Technical Contact Responsibilities ASTM International Officers Training Workshop September 2012 Scott Orthey and Steve Mawn 1.

Task Group Chairman and Technical Contact Responsibilities ASTM International Officers Training Workshop September 2012 Scott Orthey and Steve Mawn 1.
1Copyright © 2007, Printer Working Group. All rights reserved. Web-based Imaging Management System Working Group Printer Working Group Face-to-Face Meeting.

1Copyright © 2007, Printer Working Group. All rights reserved. Web-based Imaging Management System Working Group Printer Working Group Face-to-Face Meeting.
1Copyright © 2008, Printer Working Group. All rights reserved. Web-based Imaging Management System Working Group Printer Working Group Face-to-Face Meeting.

1Copyright © 2008, Printer Working Group. All rights reserved. Web-based Imaging Management System Working Group Printer Working Group Face-to-Face Meeting.
1 Copyright © 2013 The Printer Working Group. All rights reserved. Printer Working Group Plenary Session May 14, 2013 PWG F2F Meeting Cupertino, CA Michael.

1 Copyright © 2013 The Printer Working Group. All rights reserved. Printer Working Group Plenary Session May 14, 2013 PWG F2F Meeting Cupertino, CA Michael.
1 Copyright © 2013 The Printer Working Group. All rights reserved. Printer Working Group Plenary Session May 14, 2013 PWG F2F Meeting Cupertino, CA Michael.

1 Copyright © 2013 The Printer Working Group. All rights reserved. Printer Working Group Plenary Session May 14, 2013 PWG F2F Meeting Cupertino, CA Michael.
1Copyright © 2011, Printer Working Group. All rights reserved. MPSA/PWG Power Management Survey Results for WIMS WG Session Printer Working Group Face-to-Face.

1Copyright © 2011, Printer Working Group. All rights reserved. MPSA/PWG Power Management Survey Results for WIMS WG Session Printer Working Group Face-to-Face.
1Copyright © 2013 The Printer Working Group. All rights reserved. IEEE-ISTO Printer Working Group Semantic Model WG – CWMP Printer/MFD Data Model Broadband.

1Copyright © 2013 The Printer Working Group. All rights reserved. IEEE-ISTO Printer Working Group Semantic Model WG – CWMP Printer/MFD Data Model Broadband.
IPP Printer State Extensions IPP Working Group 19 February 2007 Maui Craig Whittle / Ira McDonald.

IPP Printer State Extensions IPP Working Group 19 February 2007 Maui Craig Whittle / Ira McDonald.
1Copyright © 2008, Printer Working Group. All rights reserved. Imaging Device Security (IDS) Working Group Longmont, CO - PWG F2F Meeting June 25, 2008.

1Copyright © 2008, Printer Working Group. All rights reserved. Imaging Device Security (IDS) Working Group Longmont, CO - PWG F2F Meeting June 25, 2008.
1Copyright © 2009, Printer Working Group. All rights reserved. PWG -Imaging Device Security (IDS) Working Group Irvine, CA - PWG F2F Meeting April 29,

1Copyright © 2009, Printer Working Group. All rights reserved. PWG -Imaging Device Security (IDS) Working Group Irvine, CA - PWG F2F Meeting April 29,
1 Copyright © 2012 The Printer Working Group. All rights reserved. IPP Working Group Session August 7, 2012 Redmond, WA PWG F2F Meeting.

1 Copyright © 2012 The Printer Working Group. All rights reserved. IPP Working Group Session August 7, 2012 Redmond, WA PWG F2F Meeting.
1 Copyright © 2009, Printer Working Group. All rights reserved. PWG Plenary Status Report IPP Working Group 14 October 2009 Cupertino, CA - PWG F2F Meeting.

1 Copyright © 2009, Printer Working Group. All rights reserved. PWG Plenary Status Report IPP Working Group 14 October 2009 Cupertino, CA - PWG F2F Meeting.
1Copyright © 2009 Printer Working Group. All rights reserved. 1 IPP Working Group Session 24 June 2009 Rochester, NY - PWG F2F Meeting.

1Copyright © 2009 Printer Working Group. All rights reserved. 1 IPP Working Group Session 24 June 2009 Rochester, NY - PWG F2F Meeting.
1Copyright © 2009, Printer Working Group. All rights reserved. PWG -Imaging Device Security (IDS) Working Group Seattle area, WA IDS-Microsoft F2F Meeting.

1Copyright © 2009, Printer Working Group. All rights reserved. PWG -Imaging Device Security (IDS) Working Group Seattle area, WA IDS-Microsoft F2F Meeting.
1Copyright © 2010, Printer Working Group. All rights reserved. PWG Plenary TCG Activity Summary December 2010 Irvine, CA – PWG Meeting Ira McDonald (High.

1Copyright © 2010, Printer Working Group. All rights reserved. PWG Plenary TCG Activity Summary December 2010 Irvine, CA – PWG Meeting Ira McDonald (High.
1Copyright © 2013 The Printer Working Group. All rights reserved. IEEE-ISTO Printer Working Group Semantic Model WG – CWMP Printer/MFD Data Model Broadband.

1Copyright © 2013 The Printer Working Group. All rights reserved. IEEE-ISTO Printer Working Group Semantic Model WG – CWMP Printer/MFD Data Model Broadband.
1 Copyright © 2010, Printer Working Group. All rights reserved. – Page 1 WIMS WG – Status Update PWG Power Management Project 4 August 2010 Bagsvaerd,

1 Copyright © 2010, Printer Working Group. All rights reserved. – Page 1 WIMS WG – Status Update PWG Power Management Project 4 August 2010 Bagsvaerd,
1Copyright © 2009 Printer Working Group. All rights reserved. 1Copyright © 2009, Printer Working Group. All rights reserved. IPP Working Group 17 February.

1Copyright © 2009 Printer Working Group. All rights reserved. 1Copyright © 2009, Printer Working Group. All rights reserved. IPP Working Group 17 February.
1Copyright © 2010, Printer Working Group. All rights reserved. Workgroup for Imaging Management Solutions Workgroup Session Printer Working Group/WIMS.

1Copyright © 2010, Printer Working Group. All rights reserved. Workgroup for Imaging Management Solutions Workgroup Session Printer Working Group/WIMS.

Similar presentations

Ads by Google