PCLS Security Considerations Policy Framework WG 49 th IETF, San Diego

1. PCLS Security Considerations Policy Framework WG49th IETF, San Diego Ed Ellesson, ellesson@tivoli.com

2. PCLS Security Considerations • Background: (developing with Security Area) • PCIM passed to Proposed Standard with a security section pointing to subsequent docs for details • PCLS is the instantiable mapping of PCIM to an ldap-accessible directory representation. • Other docs will subclass PCIM to QOS, IPsec and other domains. • Still other docs will map these subclassed models to directory representations. • Issue: What sec. considerations go into PCLS? • ldap-specific considerations? • Common mapping considerations?

3. PCLS Security Section Outline (1) • General • Pointer to PCIM • Add pointer to LDAP security docs? (RFC 2829, 2830) • Services and mechanisms, but not the wire • Users • Pointer to PCIM, except there is nothing specific to service users there. • Can’t really say anything about end users,since dependent on application domain…qos, ipsec • Add Policy Servers (PDPs) as users of schema? • Administrators (Leave this to subsequent docs?) • Administrators of schema • Administrators of schema content (instances)

4. PCLS Security Section Outline (2) • Some Service Topics in PCLS: • Audit Trail Functionality • Access Control/Authorization • Authentication • Integrity/Privacy • Denial of Service • Or should they go in the individual domain specific mapping documents: • QPIM and QDDIM mapping docs • IPSP mapping doc • Work in parallel with domain-specific mapping docs