Object/Document Security BOF (IOS) Reported by John Lowry/Bolt Beranek and Newman The Object/Document Security BOF met on Wednesday, 7 December, at the San Jose IETF. It began with a slide presentation introducing the concept and purpose of information object security (IOS). There were three presentations intended to stimulate discussion. Presentations The first presentation was made by John Lowry on the Location-Independent IOS work sponsored by ARPA. The second presentation was made by Wolfgang Schneider on the practical considerations of bootstrapping a certificate based key management infrastructure, particularly geared to deployment of PEM. The third presentation was made by Paul Van Oorshot and was an overview of store-and-forward extensions made to GSS-API which would be presented more fully in the Common Authentication Technology Working Group CAT. Discussion There was discussion by the group regarding: o Copyright protections and whether there was any security service which could prevent, discourage, or help to audit unauthorized copying. o Uniform Resource Identification and the security services that might be applied to IDs, locators, meta information, and other data associated with the object. o Support for labeling of objects. Labeling could be associated with confidentiality, part of an annotation, and needs to be examined regarding the relationship to meta-information. o Access control requirements need to investigated and a low-complexity model should be identified. The model presented in the Location-Independent IOS needs a lot of work. o Concerns about the nature (complexity) of the object and annotations including n-dimensional signatures and annotations. o Concerns about long term and archival storage of objects. Initial reaction was that this was probably outside the scope of this group. o Concerns about the overhead of security in terms of object size, complexity, and processing cycles required. o Concerns about adopting a flexible trust mechanism and key management/identification/ authentication mechanism. o The relationship to WWW and HTTP-S. Generally it was felt that HTTP-S was concerned with transport but that there should be coordination between this group and the HTTPSEC group. o There was a question about the relationship to GSS-API and whether there was a good synergy with the CAT Working Group. GSS-API is also considering store-and-forward mechanisms which may relate directly to some of the requirements yet to be defined. o There was a question about the relationship to MIME/PEM and whether MIME/PEM could serve as an appropriate mechanism. The initial opinion seemed to be that until the requirements are defined the question cannot be answered. Jeff Schiller pointed out the necessity of listing requirements and forming a charter. An outline list of requirements was proposed by Dave Solo and will start the requirements discussion. The outline appears below. It was agreed that a mailing list and an archive site be created. Attendees would be notified of the mailing list instantiation but would not automatically be included on the list. It was agreed that since time was short, the charter should be negotiated on the mailing list with a goal of becoming a working group by the 32nd IETF in Danvers. Proposed Requirements Outline Object Protection/Encapsulation o Protect arbitrary data/objects o Allow any transport or access mechanism o Supply confidentiality/encryption o Supply integrity o Supply authentication/non-repudiation - signature - annotation - complex data structures o Access Controls/Scenarios - access control rules - concepts of access control - relationship to key management o Labeling o Third-party service interactions o Handle existing concepts - PEM - MIME/PEM - PGP o Flexible certificate trust models