Minutes of SRG Meeting
1. The meeting was opened by the convener Kevin Murphy at 9:13 on June 12, 1990. Kevin welcomed all attendees who were then asked to briefly introduce themselves since there were several new faces present.
2. The list of attendees is attached to the minutes.
3. Ron Elliott volunteered to be secretary for the meeting.
4. The terms of reference for the Security Rapporteur Group were then discussed and some changes made to those, which had been circulated with the last minutes. The final version is as follows:
a. To provide a focus for the presentation of security concerns regarding SC22/WG15 from the international community
b. To make appropriate recommendations to SC22/WG15, such that the emerging SC22/WG15 documents will accommodate the security needs of the international community
c. To seek coordination with similar security efforts undertaken by other international regional or national bodies.
A resolution (#1) was written for submittal to the WGI5, asking for these terms of reference to be approved.
5. There was then a short report on ths status of P1003.6. Draft 6 is available and this will become Draft 7 if approved at the next P1003.6 meeting in Danvers on July 15—19. Much work has been done in reformatting the document, doing some of the clean-up requested by this group, and generally getting all the various functions documented.
The targeted balloting date within IEEE has now been moved to after the April 1991 meeting. This is a slippage of 6 months from the original target but is due to the delay in reaching consensus in certain sections. The effects of having to produce a language-independent version have not yet been fully ascertained and this might cause even more slippage. There is much concern about the slippage as many people want a standard as soon as possible.
6. The issues were then discussed and new ones added to the log (see Attachment). Many of the Danish government requirements had been presented at the P'003.6 meeting and were thought to be "implementation" points rather than "standard interface" questions. The Danish requirements have been added to the issue log for further discussion at the ncxt SSG meeting. It should be remembered that POSIX is defining "Portable Interfaces” and is NOT involved in implementation questions.
7. General Themes:
The new SC27 Security group and their meetings were of concern and interest to the members present. It would appear that certain things mentioned in the scope of SC27 overlap directly with some of the functions being defined by P1003.6. This could cause problems when P1003.6 comes to the international arena far balloting. In view of this aresolution (#2) was drawn up for forwarding to WG15.
Thare will also be another Special Working Group on Security meeting sometime in the fall of this year. The WG15 SRG wants representation at this meeting. Resolution (#3) wasdrawn up for submittal to WG15. Mr Murphy has to supply a new copy of his letter to SC27 for submittal to tha WG15 convener so that it can be forwarded as requested in the resolutions.
8. The next meeting
was scheduled to be held concurrently with the P1003.6 meeting in Danvers
on July 13 – 19, 1990 and then in Seattle in October together with the
P1003.6 meeting. The meeting closed at13:00 in time for the members to
attend the WG15 meeting being held that afternoon.
1. The SC22/WG13 Security Rapporteur Group requests that SC22/WG15 approve the following resolution;
"JTCl SC22/WG15 (POSIX) approves the following terms of reference for
the Security rapporteur Group:
"JTCl SC22/WG15 requests that the US
3. The JTC1 SC22/WG15 Security Rapporteur Group requests that SC22/WG15 approve the following recommendations:
"JTC1 SC22/WG15 recognizes the importance of coordinating its activities
with similar activities within JTCl and requests that JTC1 SC22 secretariat
4. The JTC1 SC22/WG15 Security Rapporteur Group requests that SC22/WG15 approve the following resolution:
"JTC1 SC22/WG15 requests that WG15 request the US member body to forward
Draft 7 of P1003.6 to the WG15 members and also to the SC22 members for
review and comment.
The WG15 meeting following this meeting in fact approved the above resolutions
with some minor changes. SC22 was requested to forward the fact that
a member of the WG15 SRG would attend the SWG on Security and the contact
point should be Kevin Murphy. It is then up to the SRG to decide
who should or can attend the workshop when more information is available
concerning date and time. The terms of reference were also accepted without
|R. Elliott June 16 1990||4||SC22/WG15 N087|
ISO/IEC JTC1 SC22/WG15 Security Rapporteur Group
Meetingat AFNOR, Paris on June 12, 1990
|France||Gerald Krummeck||X/Open Security WG
1 Rue de Provence
|+33 7639 7725|
|France||Claude Bourstin||AFNOR STIA
92049 Paris La
|+331 42 91 5705|
|France||Herve Schauer||Herve Schauer
142 rue de Rivoli
|+331 4638 8990|
|Germany||Ron Elliott||DIN Rapporteur
Postfach 80 08 80
7000 Stuttgart 80
|+49 7031 185097
|UK||Kevin Murphy||SRG Rapporteur
1 Cutler St.
Ipswich IP1 1UX
|+44 473 224573
P.O. Box 300
Blue Bell, PA 19424
11400 Burnet Rd.
Austin, TX 78758
The P1003.6 WG has discussed these points and during the rework of the
document for Draft 7 some of the references have already been removed.
Considerable work will be done in the next few months to make the document
Information labelling has been moved into the work being done by P1003.6. Draft 8 should contain the functions offered on this topic.
All the other topics are currently considered out-of-scope for this
version of P1003.6
It is not thought feasible to put this item into the scope of work for the current draft. The main reasons being:
b. It is NOT the intention of P1003.6 to define authenticatlon methods as these are rapidly changing and it is really an implementation question. e.g. password entering from a terminal as against using a "smart card".
It is understood, however, that other functions, notably in the network area, require to be able to authenticate the request for information that is arriving at thair node. P1003.6 is liaising with the network people to ensure that the problems are fully understood on both sides. If it is possible to define a portable interface requirement for authentication, then P1003.6 will review this requirement for inclusion in a revision of their standard.
The following points have been received from Denmark and have been included here for consistency. They will be discussed at the next meeting to see whether the group believes that they belong as issues against P1003.6 or whether they are in fact implementation details or recommendations to users:
4. Differentiated Access