My comments on the Aug 6 IDS Model Document are included below.
IDS Model Document (Aug 6 2012 version) - comments
Section 5 - We might want to include OAuth and OpenID here, especially in the case of imaging-related web-apps like cloud printing.
Seems like section 6 "Security Actors" should come very early in the document, prior to use-cases or other discussion of security procedures -- just to level set the conversation.
Section 6.3 - In other standards documents, the terms used are "client", for a client of a service, and "peer", when an entity can be both a client and a service. User can be confusing sometimes, as it is predominantly thought of as a human, where the term "client" is a little more wide in its definition. Just a suggestion.
Section 7 - NVE and "Visible" seem like the same thing, in fact the text of "Visible" says "e.g. a network visible entity".
The visibility definitions seem confusing, and somewhat counter-intuitive. For instance, "Network Visible" and "Network Visible Entity", why do we need both?
Instead of "Securely Visible", "accessible", and "inaccessible", we just need to say that the device is "secured" or "not secured".
Section 8 -
Seems like we've defined user roles over and over again in numerous documents -- can't we just reference something here? It looks like we've referenced DMTF and PWG Semantic Model, but are we really inventing any new user roles?