> I agree that it is essential to discuss security requirements
> for admin ops. There must be other projects, drafts etc who
> have encountered similar requirements. It might help (speed
> things up) if you could point me to a reference which you
> feel would align with our admin security requirements in
> terms of scope and approach.
I'll try. I'll see if I can find something by searching the RFC editor's
archives and maybe get some help from a security guy who knows something