Thread Links			Date Links
Thread Prev	Thread Next	Thread Index	Date Prev	Date Next	Date Index

[802SEC] FW: [New-work] WG Review: Recharter of Integrated Security Model forSNMP (isms)

To: STDS-802-SEC@listserv.ieee.org
Subject: [802SEC] FW: [New-work] WG Review: Recharter of Integrated Security Model forSNMP (isms)
From: "Congdon, Paul T (ProCurve)" <paul.congdon@HP.COM>
Date: Wed, 7 Sep 2005 15:27:17 -0700
Reply-To: "Congdon, Paul T (ProCurve)" <paul.congdon@HP.COM>
Thread-Index: AcWz6IBHjaqeQVx/TLy+KVzaYeweRAAEqw5g
Thread-Topic: [New-work] WG Review: Recharter of Integrated Security Model forSNMP (isms)

IEEE 802 WG Chairs,

The following re-charter announcement from the IETF may be of interest
to your WG members.  Feel free to forward this on as appropriate.

Paul 

-----Original Message-----
From: new-work-bounces@ietf.org [mailto:new-work-bounces@ietf.org] On
Behalf Of The IESG
Sent: Wednesday, September 07, 2005 12:58 PM
To: new-work@ietf.org
Subject: [New-work] WG Review: Recharter of Integrated Security Model
forSNMP (isms)

A modified charter has been submitted for the Integrated Security Model
for SNMP (isms) working group in the Security Area of the IETF. The IESG
has not made any determination as yet. The modified charter is provided
below for informational purposes only. Please send your comments to the
IESG mailing list (iesg@ietf.org) by September 14.

+++

Integrated Security Model for SNMP (isms)
=========================================

Current Status: Active Working Group

Chair(s):
Ken Hornstein <kenh@cmf.nrl.navy.mil>
Juergen Quittek <quittek@netlab.nec.de>

Security Area Director(s):
Sam Hartman <hartmans-ietf@mit.edu>
Russell Housley <housley@vigilsec.com>

Security Area Advisor:
Sam Hartman <hartmans-ietf@mit.edu>

Mailing Lists:
General discussion: isms@ietf.org
To (un)subscribe: isms-request@ietf.org
in body: (un)subscribe
Archive:
http://www.ietf.org/mail-archive/working-groups/isms/current/maillist.ht
ml

Description of Working Group:

The Simple Network Management Protocol version 3 (SNMPv3) provides
message security services through the security subsystem, for which
there is one currently defined model - the User-based Security Model
(USM). However, the USM approach has seen limited deployment so far.
One frequently reported reasons is the lack of integration of USM key
and user management into deployed authentication infrastructures.

SSH is a widely deployed access protocol for remote devices
configuration.
Many devices support the integration of SSH user authentication with AAA
systems via protocols such as RADIUS.

The goal of the ISMS working group is developing a new security model
for SNMP that integrates with widely deployed user and key management
systems, as a supplement to the USM security model.

For this integration the working group will define a standard method for
mapping from AAA-provisioned authorization parameter(s) to corresponding
SNMP parameters.

In order to leverage the authentication information already accessible
at managed devices, the new security model will use the SSH protocol for
message protection, and RADIUS for AAA-provisioned user authentication
and authorization.
However, the integration of a transport mapping security model into the
SNMPv3 architecture should be defined such that it is open to support
potential alternative transport mappings to protocols such as BEEP and
TLS.

The new security model must not modify any other aspects of SNMPv3
protocol as defined in STD 62 (e.g., it must not create new PDU types).

Work on new access control models or centralized administration of
View-based Access Control Model (VACM) rules and mappings is outside the
scope of the working group.

The working group will cover the following work items:

- Specify an architectural extension that describes how transport
mapping security models (TMSMs) fit into the SNMPv3 architecture.
- Specify an architectural extension that describes how to perform a
mapping from AAA-provisioned user-authentication and authorization
parameter(s)to securityName and other corresponding SNMP parameters.
- Specify a mapping from RADIUS-provisioned authentication and
authorization parameter(s) to securityName and other corresponding SNMP
parameters. This item may be a RADEXT work item last-aclled in both
groups.
- Specify a mapping from locally-provisioned authentication and
authorization parameter(s) to securityName and other corresponding SNMP
parameters.
- Define how to use SSH between the two SNMP engines
- Specify the SSH security model for SNMP.

Goals an Milestones:

Oct 2005 Initial version of a general transport mapping security models
(TMSMs) document that specifies how TMSMs fit into the SNMPv3
architecture and that defines the requirements for transport mapping
security models.
Oct 2005 Initial version of a document specifying the SSH security model
for SNMP.
Dec 2006 Initial version of a document specifying the RADIUS
authentication and authorization mapping model for SNMP.
Feb 2006 Initial version of an applicability statement that sets up
reasonable mandatory to implement methods.
Feb 2006 Submit TMSM document to IESG
Jun 2006 Submit SSH TMSM to IESG
Jun 2006 Submit RADIUS mapping model for SNMP to IESG Aug 2006 Submit
applicability statement to IESG


_______________________________________________
New-work mailing list
New-work@ietf.org
https://www1.ietf.org/mailman/listinfo/new-work

----------
This email is sent from the 802 Executive Committee email reflector.  This list is maintained by Listserv.

Prev by Date: Re: [802SEC] Mat's recollection of the P&P Votes
Next by Date: [802SEC] Possible disruption in my availability
Prev by thread: [802SEC] P&P Revision Telecon dates
Next by thread: [802SEC] Possible disruption in my availability
Index(es):
- Date
- Thread