[IPP] Updated draft of IPP Job Save Password posted for review and discussion

[IPP] Updated draft of IPP Job Save Password posted for review and discussion

Kennedy, Smith (Wireless & Standards Architec) smith.kennedy at hp.com
Tue Feb 6 19:41:59 UTC 2018 

Hi Mike,

Responding below - feel free to reserve your responses until the session tomorrow.

Smith


> On Feb 6, 2018, at 7:27 AM, Michael Sweet <msweet at apple.com> wrote:
> 
> Smith,
> 
> Thanks for this, I will update the F2F slide accordingly...
> 
> FWIW, the current text still adds the save password to job-save-disposition which has the unfortunate security implication of exposing the password as part of the job ticket.

Details like this are still difficult for me to follow. I'm working on writing an "IPP Attribute Design Principles and Design Patterns" document now (I've said I wanted to do this for a couple of years), to try to organize and grow my understanding in this area, and to document it for posterity because the implications of selecting an attribute's group is unfortunately quite obscure and very nuanced.

>  I also think we still need to better define the use cases and flow of information - not only for definition of the attribute(s) but for the security considerations.

Perhaps those can come out in the discussion, at least a more detailed list of aspects you feel need to be covered but aren't currently.

>  Finally, I think our discussions on encrypted documents may overlap with this one... :/

I totally agree, and I have an updated draft of that waiting to be posted. I will just post it and if we end up looking at use cases from that tomorrow then I'm fine with that. Originally I was thinking that this might be a stepping stone to IPP Document Encryption, which could likely solve both needs.

> 
> 
>> On Feb 5, 2018, at 7:13 PM, Kennedy, Smith (Wireless & Standards Architec) <smith.kennedy at hp.com <mailto:smith.kennedy at hp.com>> wrote:
>> 
>> Greetings,
>> 
>> I have just posted an updated draft of IPP Job Save Password. It is available here:
>> 
>>    https://ftp.pwg.org/pub/pwg/ipp/whitepaper/tb-savepassword-20180205.pdf <https://ftp.pwg.org/pub/pwg/ipp/whitepaper/tb-savepassword-20180205.pdf> 
>>    https://ftp.pwg.org/pub/pwg/ipp/whitepaper/tb-savepassword-20180205.odt <https://ftp.pwg.org/pub/pwg/ipp/whitepaper/tb-savepassword-20180205.odt>
>>    https://ftp.pwg.org/pub/pwg/ipp/whitepaper/tb-savepassword-20180205-rev.pdf <https://ftp.pwg.org/pub/pwg/ipp/whitepaper/tb-savepassword-20180205-rev.pdf> 
>>    https://ftp.pwg.org/pub/pwg/ipp/whitepaper/tb-savepassword-20180205-rev.odt <https://ftp.pwg.org/pub/pwg/ipp/whitepaper/tb-savepassword-20180205-rev.odt> 
>> 
>> Although I think that the changes I have made to produce this new draft have resolved some of the points of feedback from the last review on Dec. 14, 2017, these changes may still not have resolved these issues. Here are the minutes from the last meeting:
>> 
>> Comments from IPP mailing list:
>> Section 1: some mention of job-password being a Job Template attribute, but it is an operation attribute (which is correctly noted in subsequent sections
>> Section 4.2: Any password attribute needs to be protected, so these should be operation attributes and not Job Template...
>> Section 6: Will obviously need a lot of discussion of how to protect and handle the passwords.
>> Overall I'm still not sure about the use case for this, or how it would all work together. Is this an extension of "job-save-disposition", where the password would be used for the saved document? If so,I'd recommend that the attributes be called "job-save-password[-xxx]" to make that clearer, and add some discussion of that.
>> Also, how does a Client re-print the saved job? Resubmit-Job with "document-password"?
>> Maybe we need to refactor this: "job-save-accesses (1setOf collection)" attribute to provide credentials for saving to a URI like we do for document-access (INFRA) and destination-accesses (FaxOut).
>> Don't specify an IPP way to do the "allow another user to reprint the saved content", e.g. Smith saves to network storage and then grants access to Bob through an out-of-band interface
>> Encryption isn't a requirement, but access control *is*
>> Two use cases for save + reprint:
>> Using an IPP client to look at saved jobs and resubmit through IPP
>> Reprint through printer console (most common scenario for HP)
>> Reprint user may or may not be the person that submitted the original job
>> 
>> Please review the draft and come to discuss this in the session on Wednesday afternoon at the February 2018 vF2F.
>> 
>> Cheers,
>> 
>> Smith
>> 
>> /**
>>     Smith Kennedy
>>     Wireless & Standards Architect - IPG-PPS
>>     Standards - IEEE ISTO PWG / Bluetooth SIG / Wi-Fi Alliance / NFC Forum / USB-IF
>>     Chair, IEEE ISTO Printer Working Group
>>     HP Inc.
>> */
>> 
>> 
>> 
>> _______________________________________________
>> ipp mailing list
>> ipp at pwg.org <mailto:ipp at pwg.org>
>> https://www.pwg.org/mailman/listinfo/ipp <https://www.pwg.org/mailman/listinfo/ipp>
> 
> _________________________________________________________
> Michael Sweet, Senior Printing System Engineer
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pwg.org/pipermail/ipp/attachments/20180206/a5f85a76/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4241 bytes
Desc: not available
URL: <http://www.pwg.org/pipermail/ipp/attachments/20180206/a5f85a76/attachment.p7s>

More information about the ipp mailing list