In operations that need decision-making in the (near) realtime, policy
framework is a good input. For that, the OSS can efficiently use the policy
framework if it is itself policy based. Examples of QoS and NMS are common.
However "Security" seems just as strong a candidate (if not stronger) for a
Policy Based framework.
Application of RFC 3060 to the NMS was facilitated by the natural course of the
events. For instance, the Policy Framework WG resided within the Operations and
Management Area. So the Network Management considerations were out there by
default. However the same is hard to assume for the "Security" considerations.
Security was not at the top of peoples mind when they developed RFC 3060. Hence
the application of the Policy Framework to a Security system is less straight
forward, though presumably quite feasible and desirable.
Any ideas as to how one goes about developing a Policy Based Security
Framework? What can we do at IETF for that?
Regards
Dr A R Choudhary
-----Original Message-----
From: Haren Visavadia [mailto:haren(_at_)btopenworld(_dot_)com]
Sent: Monday, October 21, 2002 2:14 PM
To: 'Choudhary, Abdur R (Rahim)'
Cc: ietf(_at_)ietf(_dot_)org
Subject: RE: VoIP Security
I think that a Security Framework is more useful if it is Policy Based.
I strongly agree with that. I think that is the only way to improve
security overall for the better.