Please note there is a new version of this document posted. Trevor and I did
not get finished doing all of the updates that I thought were necessary before
he went on vacation, but we did get much farther towards a document I would
consider acceptable.
Please review the document with strong focus on the use cases, the model and
the requirements.
Please feel free to send comments to me and Trevor, but please remove the abfab
and smime mailing lists and just leave the plasma list in your mail. I am
sending this mail to a wider set of people to try and get more reviews.
Thanks
Jim
-----Original Message-----
From: internet-drafts(_at_)ietf(_dot_)org [mailto:internet-drafts(_at_)ietf(_dot_)org]
Sent: Wednesday, August 03, 2011 7:20 PM
To: ietf(_at_)augustcellars(_dot_)com
Cc: ppatterson(_at_)carillon(_dot_)ca; ietf(_at_)augustcellars(_dot_)com; trevorf(_at_)microsoft(_dot_)com
Subject: New Version Notification for draft-freeman-message-access-control-req-02.txt
A new version of I-D, draft-freeman-message-access-control-req-02.txt has been
successfully submitted by Jim Schaad and posted to the IETF repository.
Filename: draft-freeman-message-access-control-req
Revision: 02
Title: Requirements for Message Access Control
Creation date: 2011-08-03
WG ID: Individual Submission
Number of pages: 33
Abstract:
There are many situations where organizations want to protect
information with robust access control, either for implementation of
intellectual property right protections, enforcement of information
contractual confidentiality agreements or because of externally
imposed legal regulations. The Enhanced Security Services (ESS) for
S/MIME defines an access control mechanism which is enforced by the
recipient's client after decryption of the message. The ESS mechanism
therefore is dependent on the correct access policy configuration of
every recipient's client. This mechanism also provides full access to
the data to all recipients prior to the access control check which is
considered to be inadequate due to the difficulty in
demonstrating policy compliance.
This document lays out the deficiencies of the current ESS security
label, and presents requirements for a new model for doing access
control to messages where the access check is performed prior to
message content decryption. This new model also does not require
policy configuration on the client to simplify deployment and
compliance verification.
The proposed model additionally provides a method where non-X.509
certificate credentials can be used for encryption/decryption of
S/MIME messages.
The IETF Secretariat
_______________________________________________
smime mailing list
smime(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/smime