
NEA Requirement I-D
IETF 70 – Vancouver
Mahalingam Mani, Avaya Inc.
Dec 5, 2007, NEA Working Group


1 NEA Requirement I-D
IETF 70 – Vancouver
Mahalingam Mani, Avaya Inc.

2 Agenda
Summary of Changes July-Nov ’07
  – (-03 through -05 versions)
  – Common Requirements
  – PA
  – PB
  – PT
Open Mike

3 Common changes summary
Reworded multiple round-trip requirement (C1):
  – “NEA protocols MUST support multiple round trips between the NEA Client and NEA Server in a single assessment.”
Consolidated two requirements (C2)
  – Assessment and re-assessment as needed
Qualified security requirement to make configurable (C3)
  – “protocols including security capabilities”
Moved in bandwidth/latency requirement from PT (C8)
Moved in Internationalization Requirement from PA (C-10)
Removed an explicit requirement (in -03) to support “assessment modes that reduce the amount of information exchanged for assessment”

4 PA Changes summary
Communication of attributes (PA 1,2)
  – Tightened to be consistent between standard and vendor-specific attributes requirements
  – Included extensibility of attribute sets
Clarified need to support multiple attribute requests by Posture Validator in a single assessment (PA3)
Validator -> Collector attributes (PA4)
  – Consolidated requirements (remediation & results) and generalized to attributes
PA Security (PA5)
  – From MUST to SHOULD (providing authentication, message integrity and confidentiality)

5 PB changes Summary
Generalized server->client attributes requirements (results, remediation,…) (PB1)
Added: Opacity (PB2)
  – MUST NOT interpret PA contents
Added: MUST support half-duplex PT protocols (PB4)
  – PB will use full-duplex when PT allows it
Security: PB server & PB client terminology (PB5)
  – In place of NEA server & NEA client terminology.

6 PT changes summary
Added: Opacity (PT-1)
  – MUST NOT interpret PB/PA contents
Security (PT-2)
  – Consolidated requirements: confidentiality, message integrity with mutual authentication and replay protection clauses
Transport requirements (PT-4, PT-5)
  – Specify re-use of existing access protocols for PT
  – Ability to run over TCP or UDP transports

7 Common Requirements
C-1 NEA protocols MUST support multiple round trips between the NEA Client and NEA Server in a single assessment.
C-2 NEA protocols SHOULD provide a way for both the NEA Client and the NEA Server to initiate a posture assessment or reassessment as needed.
C-3 NEA protocols including security capabilities MUST be capable of protecting against active and passive attacks by intermediaries and endpoints including prevention from replay based attacks.
C-4 The PA and PB protocols MUST be capable of operating over any PT protocol.
C-5 The selection process for NEA protocols MUST evaluate and prefer the reuse of existing open standards that meet the requirements before defining new ones.

8 Common Requirements
C-6 NEA protocols MUST be highly scalable; the protocols MUST support many Posture Collectors on a large number of NEA Clients…
C-7 The protocols MUST support efficient transport of a large number of attribute messages between the NEA Client and the NEA Server.
C-8 NEA protocols MUST operate efficiently over low bandwidth or high latency links.
C-9 For any strings intended for display to a user, the protocols MUST support adapting these strings to the user's language preferences.
C-10 NEA protocols MUST support encoding of strings in UTF-8 format.

9 PA Requirements
PA-1 The PA protocol MUST support communication of an extensible set of NEA standards defined attributes. These attributes will be uniquely identifiable from non-standard attributes.
PA-2 The PA protocol MUST support communication of an extensible set of vendor-specific attributes. These attributes will be segmented into uniquely identifiable vendor specific name spaces.
PA-3 The PA protocol MUST enable a Posture Validator to make one or more requests for attributes from a Posture Collector within a single assessment.

10 PA Requirements
PA-4 The PA protocol MUST be capable of returning attributes from a Posture Validator to a Posture Collector.
PA-5 The PA protocol SHOULD provide authentication, integrity, and confidentiality of attributes communicated between a Posture Collector and Posture Validator.
PA-6 The PA protocol MUST be capable of carrying attributes that contain non-binary and binary data including encrypted content.

11 PB Requirements
PB-1 The PB protocol MUST be capable of carrying attributes from the Posture Broker Server to the Posture Broker Client.
PB-2 The PB protocol MUST NOT interpret the contents of PA messages being carried, i.e., the data it is carrying must be opaque to it.
PB-3 The PB protocol MUST carry unique identifiers that are used by the Posture Brokers to route (deliver) PA messages between Posture Collectors and Posture Validators. Such message routing should facilitate dynamic registration or deregistration of Posture Collectors and Validators.

12 PB Requirements
PB-4 The PB protocol MUST be capable of supporting a half-duplex PT protocol. However this does not preclude PB from operating full-duplex when running over a full-duplex PT.
PB-5 The PB protocol MAY support authentication, integrity and confidentiality protection for the attribute messages it carries between a Posture Broker Client and Posture Broker Server. This provides security protection for a message dialog of the groupings of attribute messages exchanged between the Posture Broker Client and Posture Broker Server.
PB-6 The PB protocol MUST support grouping of attribute messages to optimize transport of messages and minimize round trips.
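
What PB-2, PB-3 and PB-6 ask of a broker, as an added example that is not from the presentation or the NEA drafts: the broker reads only an envelope, routes on the identifier, and hands the PA payload (which PA-6 allows to be encrypted) to a registered validator untouched. The envelope layout (32-bit identifier, 32-bit length) and all names are assumptions made for illustration.

```python
import struct

HEADER = struct.Struct("!II")  # assumed envelope: component identifier, payload length

def pack_batch(messages):
    """Group (component_id, opaque_bytes) pairs into one batch (PB-6)."""
    return b"".join(HEADER.pack(cid, len(body)) + body for cid, body in messages)

def unpack_batch(batch):
    """Split a batch into (component_id, payload) pairs, reading only the envelope."""
    out, pos = [], 0
    while pos < len(batch):
        if len(batch) - pos < HEADER.size:
            raise ValueError("truncated envelope header")
        cid, length = HEADER.unpack_from(batch, pos)
        pos += HEADER.size
        if length > len(batch) - pos:
            raise ValueError("declared length exceeds remaining data")
        out.append((cid, batch[pos:pos + length]))  # payload bytes are never parsed (PB-2)
        pos += length
    return out

class PostureBrokerServer:
    def __init__(self):
        self._validators = {}  # component_id -> callable(bytes) -> bytes or None

    def register(self, cid, validator):
        self._validators[cid] = validator   # dynamic registration (PB-3)

    def deregister(self, cid):
        self._validators.pop(cid, None)     # dynamic deregistration (PB-3)

    def handle_batch(self, batch):
        """Route each PA message by identifier; return (reply_batch, undelivered ids)."""
        replies, undelivered = [], []
        for cid, payload in unpack_batch(batch):
            validator = self._validators.get(cid)
            if validator is None:
                undelivered.append(cid)     # nobody registered for this identifier
                continue
            answer = validator(payload)     # handed over as received
            if answer is not None:
                replies.append((cid, answer))  # server -> client attributes (PB-1)
        return pack_batch(replies), undelivered
```

Both length checks in `unpack_batch` reject a batch whose envelope claims more data than was received, so a malformed header cannot make the broker read past the buffer or mis-frame the next message.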

13 PT Requirements
PT-1 The PT protocol MUST NOT interpret the contents of PB messages being transported, i.e., the data it is carrying must be opaque to it.
PT-2 The PT protocol MUST be capable of supporting mutual authentication, integrity, confidentiality and replay protection of the PB messages between the Posture Transport Client and the Posture Transport Server.
PT-3 The PT protocol MUST provide reliable delivery for the PB protocol. This includes the ability to perform fragmentation and reassembly, detect duplicates, and reorder to provide in-sequence delivery, as required.
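
The receive side of PT-3 (reassembly, duplicate detection, in-sequence delivery) over opaque PB messages, as an added example that is not from the presentation or the NEA drafts. The fragment header (message sequence, fragment index, fragment count), the receive window and all names are assumptions; sequence-number wrap-around and retransmission are left out.

```python
import struct

FRAG = struct.Struct("!IHH")  # assumed header: message seq, fragment index, fragment count

def fragment(seq, pb_message, mtu):
    """Split one opaque PB message into fragments carrying at most mtu payload bytes."""
    chunks = [pb_message[i:i + mtu] for i in range(0, len(pb_message), mtu)] or [b""]
    return [FRAG.pack(seq, i, len(chunks)) + c for i, c in enumerate(chunks)]

class Reassembler:
    def __init__(self, window=8):
        self.next_seq = 0    # next message owed to PB
        self.partial = {}    # seq -> {"count": n, "frags": {index: bytes}}
        self.window = window # bounds how many incomplete messages are buffered

    def receive(self, packet):
        """Accept one fragment; return the PB messages that are now deliverable, in order."""
        if len(packet) < FRAG.size:
            raise ValueError("short fragment")
        seq, idx, count = FRAG.unpack_from(packet)
        if count == 0 or idx >= count:
            raise ValueError("inconsistent fragment header")
        if seq < self.next_seq:
            return []        # duplicate of a message already delivered
        if seq >= self.next_seq + self.window:
            raise ValueError("outside receive window")
        entry = self.partial.setdefault(seq, {"count": count, "frags": {}})
        if entry["count"] != count:
            raise ValueError("fragment count changed mid-message")
        entry["frags"].setdefault(idx, packet[FRAG.size:])  # duplicate fragment: first copy wins
        delivered = []
        while True:
            head = self.partial.get(self.next_seq)
            if head is None or len(head["frags"]) < head["count"]:
                return delivered
            delivered.append(b"".join(head["frags"][i] for i in range(head["count"])))
            del self.partial[self.next_seq]
            self.next_seq += 1
```

The window check caps buffered state at `window` incomplete messages, so a peer cannot grow the reassembly table without limit by sending fragments for far-future sequence numbers.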

14 PT Requirements
PT-4 The PT protocol SHOULD be able to run over existing network access protocols such as 802.1X and IKEv2.
PT-5 The PT protocol SHOULD be able to run between a NEA Client and NEA Server over TCP or UDP (similar to LDAP).

15 Questions?

