IPP>SEC - Security services

IPP>SEC - Security services

IPP>SEC - Security services

Roger K Debry rdebry at us.ibm.com
Thu May 29 15:03:03 EDT 1997

As there has been some email on this and we have discussed
it in our Security subgroup, I wanted to float a proposal and see
what comments you all have.  Given last weeks decusion on http,
I believe that we now have a small set of choices for IPP security.
My view is that an installation can choose to implement whatever
of these services they want, as each provides unique capabilities
...at some price...

The choices for security are:

(1) http basic authentication
- not really secure, but probably viable within a trusted environment
  where security is not an issue. Probably used only for identification,
  possibly only for accounting purposes. Does not provide any
   message protection.

(2) http digest access authentication
- not stong authentication, but viable within a trusted environment
   where one wants a lightweight solution but does not want passwords
   sent in the clear as in basic authentication. Would be used when
   authorization to use resources is required. Does not provide any
   message protection.

(3) SSL or TLS
- strong security when operating outside of a trusted environment. Does
   require more infrastructure to support. Would be required when strong
   authentication or message protection (privacy, integrity, non-repudiation)
   is needed.

Given this set of choices, it seems that we only need something in the directory
that says this Printer requires some authentication to get to it (could be any
(1), (2), or (3). That is, if I want to use this Printer I must be prepared to
offer some

A Printer that supports (1) or (2) simply uses the existing http
authentication mechanisms. A Printer which uses (3) would
advertise a URI that would indicate SSL or TLS was to be used in the http

Roger K deBry
Senior Techncial Staff Member
Architecture and Technology
IBM Printing Systems
email: rdebry at us.ibm.com
phone: 1-303-924-4080

More information about the Ipp mailing list