
SACM Architecture Discussion Summary

SACM Architecture Discussion Summary. Nancy Cam-Winget, July 2014. Action Items, SACM Architecture: Add text to define roles and distinction of role, capability and functions. Add test to clarify functions that occur in control plane vs. data plane.


Presentation Transcript


  1. SACM Architecture Discussion Summary. Nancy Cam-Winget, July 2014

  2. Action Items: SACM Architecture
     • Add text to define roles and distinction of role, capability and functions
     • Add test to clarify functions that occur in control plane vs. data plane
     • Include relationship with other IETF efforts and how they interact/interdepend with SACM

  3. Terminology Additions
     • Role
     • Capability
     • Baseline
     • Guideline

  4. SACM Architecture - Conceptual
     [Diagram; labels: Posture Assessment Information Requestor (several), Posture Assessment Information Provider, Control Plane, Data Plane, Broker/Proxy/Repository: authZ, directory, metadata/capability]

  5. Discussion Summary
     • Control Plane:
     • Captures capability announcements (registers them manually or dynamically)
     • Provides authentication capability (TBD protocol)
     • Enables a resource to find capability providers
     • “Client” is an entity that can be a Requestor or Provider or both
     • Capability Definition
     • Provider and/or consumer data
     • Ability to exchange taxonomy (language about schemas provided)
     • Optional/May
     • Data Transfer protocols vs. Data models
     • Security consideration: protection of transport vs. data (or both)
     • Authentication protocols – handle directly or indirect/SSO

  6. Q & A
