[Standards-JIG] JEP-163 (SPPS) comments
stpeter at jabber.org
Mon Jan 30 21:48:42 UTC 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hal Rottenberg wrote:
> On 1/29/06, Kevin Smith <kevin at kismith.co.uk> wrote:
>>> For all three of these, I think the "MUST allow" should be "SHOULD
>>> allow", to account for other potential access controls that the
>>> server may know. One example might be ethical boundaries enforced
>>> by a policy engine.
>> Can you give an example? I'm keen on spps staying as simple and well
>> defined as possible and only allowing doubt where absolutely necessary.
> I can. Take your average government agency. In the U.S. at least, a
> lot of the technology they use must support not only DAC
> (discretionary access control lists) but MAC (mandatory). Meaning I
> can choose to share some data with Joe, but only if the MAC has been
> satisfied first. He may not have the appropriate security clearance.
> Therefore, our hypothetical gov't jabber server may have an added
> layer of security that checks the LDAP for fields which correspond to
> a person's department, rank, clearance level, function, whatever.
> This is the policy engine JH referred to.
> We don't want the JEP to prevent the evolution of this type of system.
Agreed. The text needs to say something about MUST subject to
appropriate security policies (if that's "SHOULD", then so be it).
Jabber Software Foundation
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3641 bytes
Desc: S/MIME Cryptographic Signature
More information about the Standards