[Standards-JIG] JEP-163 (SPPS) comments

Peter Saint-Andre stpeter at jabber.org
Mon Jan 30 21:48:42 UTC 2006

Hal Rottenberg wrote:
> On 1/29/06, Kevin Smith <kevin at kismith.co.uk> wrote:
>>> For all three of these, I think the "MUST allow" should be "SHOULD
>>> allow", to account for other potential access controls that the
>>> server may know.  One example might be ethical boundaries enforced
>>> by a policy engine.
>> Can you give an example? I'm keen on spps staying as simple and well
>> defined as possible and only allowing doubt where absolutely necessary.
> I can.  Take your average government agency.  In the U.S. at least, a
> lot of the technology they use must support not only DAC
> (discretionary access control lists) but MAC (mandatory).  Meaning I
> can choose to share some data with Joe, but only if the MAC has been
> satisfied first.  He may not have the appropriate security clearance.
> Therefore, our hypothetical gov't jabber server may have an added
> layer of security that checks the LDAP for fields which correspond to
> a person's department, rank, clearance level, function, whatever. 
> This is the policy engine JH referred to.
> We don't want the JEP to prevent the evolution of this type of system.

Agreed. The text needs to say something about MUST subject to
appropriate security policies (if that's "SHOULD", then so be it).


--
Peter Saint-Andre
Jabber Software Foundation