Scott, you asked for some suggestions on security for the model document.
Currently you have two sections on security, one on conformance (5.4) and the
other on security considerations (7).
I'd recommend something like the following:
Section 5.4: Security Conformance Requirements
The security mechanisms for IPP fall outside the scope of the application layer
protocol itself, and are described in detail in the Internet Draft "Internet
Printing
Protocol/1.0: Security". It is required that the Internet Printing Protocol be
able to
operate in a secure environment. A conforming IPP implementation SHOULD
provide a range of security services which can be tailored to meet the
individual
needs of a specific installation. These MUST include HTTP 1.1 basic and
digest authentication, and SHOULD in addition support a secure communication
channel, such as Transport Layer Security (TLS) and/or IP Security (IPSec).
Section 7: Security Considerations
The Internet Draft "Internet Printing Protocol/1.0: Security" provides a
detailed
discussion of the security considerations for IPP. Every time a new connection
is established with a Printer object or with a job Object, a new security
context
must be established. However, it is up to the site administrator to determine
the
specific security requirements for any given IPP operation. This will be
established
through implementation specific means which are outside the scope of this
standard. When a Job object is created, a security token MUST be associated
with the Job which defines the most authenticated name of the user creating the
job. When required by administratively established policy, this token MUST
match
the authenticated name provided on any subsequent operation on that job.
Roger K deBry
Senior Technical Staff Member
Architecture and Technology
IBM Printing Systems
email: rdebry at us.ibm.com
phone: 1-303-924-4080