Positif project
Policy-based Security Tools and Framework
Project → Standards english polish
 Overview
   Why Positif
   What you get
   Examples
   Framework
   News
   Events
   Conferences
 Project
   Workpackages
   Documents
   Deliverables
   Software
   Standards
    → SDL
    → SPL
   Dissemination
   Partners
 Other
   Contact Us
   Newsletter
   Links
   Internal area
Information Society Technologies

 »   Standards definition

POSITIF project will participate in security standards evolving. For those cases where there is a lack of standards (as for the description of system architecture, security features and configuration information), the project's development will be targeted to the definition of standards within the proper open international standardization group.
Target groups are:

  • IETF (Internet Engineering Task Force)
  • OASIS (Organization for the Advancement of Structured Information Standards)
  • DMTF (Distributed Management Task Force)
  • ETSI (European Telecommunications Standards Institute)
  • CEN (European Committee for Standardization)

During the project two languages: SPL (Security Policy Language) and SDL (System Description Language) will be defined, they will be used by the project to describe the security policies to be enforced and the target system to be configured and managed.
SPL will use, integrate and extend the features of other policy languages and formats, such as Ponder, KeyNotes, XACML, SAML, PCIM, CIM. The SDL language will be developed to describe networked systems and applications with the needed degree of detail.

 »   Standards used

The project supports the European policy of open standards as it will make heavy use of them wherever such standards exist (for communication protocols and certain data format and application-level protocols). Open standard-based languages, interfaces and protocols will be used on many different layers of developed framework, including policy and system description, configuration instructions and deployment, threat monitoring.

Standard network management protocols:

  • SNMP (Simple Network Management Protocol, IETF)
  • IPSP (IP Security Policy, IETF)
  • HTTP (Hyper Text Transfer Protocol, W3C)
  • IDXP (Intrusion Detection eXchange Protocol, IETF)

Standard data formats and languages:

  • SAML (Security Assertion Markup Language, OASIS)
  • Ponder (A Policy Language for Distributed Systems Management)
  • KeyNotes
  • PCIM (Policy Core Information Model, IETF)
  • CIM (Common Information Model, DMTF)
  • HTML (Hypertext Markup Language, W3C)
  • XACML (eXtensible Access Control Markup Language, OASIS)
  • XML (Extensible Markup Language, W3C)
  • IDMEF (Intrusion Detection Message Exchange Format, IETF)

Encrypted protocols and data :

  • SSL
  • IPsec (IP Security Protocol, IETF)
  • S/MIME (Secure/Multipurpose Internet Mail Extensions, IETF)
 
webmaster   •   © POSITIF Project 2004 - 2007