1 / 6

Enhancing SACM Architecture: Definitions, Roles, and Control Plane Clarifications

This document summarizes the discussion led by Nancy Cam-Winget in July 2014, focusing on the Security Automation and Continuous Monitoring (SACM) architecture. Key action items include the need to define roles, capabilities, and functions clearly, particularly how they interact between control and data planes. It emphasizes understanding the relationships with other IETF efforts and the importance of terminology such as role, capability, and baseline. The paper also highlights essential components like authentication, capability registration, and security considerations within data transfer protocols.

maxwell-dickerson
Télécharger la présentation

Enhancing SACM Architecture: Definitions, Roles, and Control Plane Clarifications

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SACM Architecture Discussion Summary Nancy Cam-Winget July 2014

  2. Action ItemsSACM Architecture • Add text to define roles and distinction of role, capability and functions • Add test to clarify functions that occur in control plane vs. data plane • Include relationship with other IETF efforts and how they interact/interdepend with SACM

  3. Terminology Additions • Role • Capability • Baseline • Guideline

  4. SACM Architecture - Conceptual Posture Assessment Information Requestor Posture Assessment Information Requestor Posture Assessment Information Requestor Control Plane Data Plane Broker/Proxy/Repository: authZ, directory, metadata/capability Posture Assessment Information Requestor Posture Assessment Information Requestor Posture Assessment Information Provider

  5. Discussion Summary • Control Plane: • Captures capability announcements (registers them manually or dynamically) • Provides authentication capability (TBD protocol) • Enables a resource to find capability providers • “Client” is an entity that can be a Requestor or Provider or both • Capability Definition • Provider and/or consumer data • Ability to exchange taxonomy (language about schemas provided) • Optional/May • Data Transfer protocols vs. Data models • Security consideration: protection of transport vs. data (or both) • Authentication protocols – handle directly or indirect/SSO

  6. Q & A

More Related