Re: IDS> NAP binding spec new draft

From: Brian Smithson (brian.smithson@ricoh-usa.com)
Date: Mon Feb 02 2009 - 14:24:23 EST

  • Next message: Randy Turner: "Re: IDS> NAP binding spec new draft"
    Randy,

    Well, now I'm not sure what I'm proposing :-).

    By "IDS mapping document", do you mean a document that contains describes how the IDS attributes apply to all of the schemes that we plan to support, e.g. NAP, NEA, TNC, ...?

    What I was think I was proposing was something like this:
    • [MS-SOH] specifies what is expected to support NAP. Other non-PWG documents specify what is expected for other schemes (NEA, TNC...).
    • [HCD-ATR] specifies the HCD-specific attributes that shall/should be supported in all schemes.
    • [HCD-NAP] specifies how the HCD-specific attributes are mapped to [MS-SOH], and if necessary, also contains describes how the standard NAP attributes should be interpreted when applied to HCDs. It would fully specify the bits and bytes of NAP support for HCDs, including both the standard NAP stuff and the HCD-specific stuff. [HCD-NEA], [HCD-TNC], ... would do the same thing for other schemes.
    There would be some information in [HCD-NAP] that is also presented in [MS-SOH] and [HCD-ATR], and we would need to be careful to ensure that they stay in sync. I think that the main distinction between them would be that the protocol binding spec would focus on the bits and bytes, and the other documents (particularly [HCD-ATR]) would contain more descriptive information.
    --
    Regards,
    Brian Smithson
    PM, Security Research
    PMP, CISSP, CISA, ISO 27000 PA
    Advanced Imaging and Network Technologies
    Ricoh Americas Corporation
    (408)346-4435


    Randy Turner wrote:
    Hi Brian,

    I think what you're really proposing is that there would be an "IDS mapping document" and not a NAP document.  This one document would be single
    reference for implementers.  Does this sound right?

    Randy


    On Feb 2, 2009, at 10:42 AM, Brian Smithson wrote:

    Regarding the new NAP draft:

    I tried to remove information that was already specified in other specs (MS-SOH and HCD-ATR) but unless I am mistaken, it was not as straightforward as we may have thought it might be. Nine of the attributes are described in other specs, so they fit nicely into the tabular format that was suggested back in October's meeting. However, the other eleven needed to be described in the NAP spec and for those I referred to subsequent sections for the details. Looking at the overall result, I'm wondering if this has made the NAP spec less usable for implementers. Some of the necessary information is in the NAP spec itself, some of it needs to be retrieved from one of two other documents, and some of it needs to be retrieved from yet another document (PA-TNC) that is referenced by one of the referenced documents (HCD-ATR).

    Maybe it would be better to fully specify things in the NAP spec? I realize that this will place the same information in two documents and risking that they lose sync with one another, but ultimately I think we want a binding spec to be implementer-friendly.

    Let's discuss on Thursday's call...
    --
    Regards,
    Brian Smithson
    PM, Security Research
    PMP, CISSP, CISA, ISO 27000 PA
    Advanced Imaging and Network Technologies
    Ricoh Americas Corporation
    (408)346-4435


    Nevo, Ron wrote:

    New NAP binding spec. updated by Brian is now posted.

    ftp://ftp.pwg.org/pub/pwg/ids/wd/wd-ids-napsoh10-20090130_ncb.pdf


    Regards

    Ron Nevo

    Senior Product Manager 

    Information Security, DVM, Standards and Compliance

    Sharp Imaging and Information Company of America

    www.sharpusa.com/products/applications/home/

    ______________________________________________

    Sharp Plaza  Mahwah    NJ 07430      nevor@sharpsec.com

    Phone: 201-760-3937   Fax: 201-529-9673  Cell: 201-220-5945

    The contents of this email are the property of the sender.

    If it was not addressed to you, you have no legal right to read it .

    If you think you received it in error, please notify the sender.

    Do not forward or copy without permission of the sender.

    "Be Secure. Be Sharp."