
RE: [802.21] Security SG: Comments on TR contribution



 Hi Rahul,
 
 
Thanks for the review. Some feedback on the MIH security points...
 
 3. MIH Level Security

 

3.1.1 General Requirements

Under MIH based access control, “In some implementations the MN MIHF should be able to select the most well known IS MIHF among all available”

<<The term ‘well known’ is not clear. If ‘most trusted’ is what is meant here, then a reputation score needs to be assigned to IS MIHF based on previous transactions.>> 

 

Agree the term is not a security term. Maryna may comment more, but if the IS is a service where several MIHFs are available, the MN should pick its preferred one for the given scenario. Does changing from 'well known' to 'preferred' work?

 

3.1.3.1  Assumptions

 

A1.5 “The MN trusts the validity of the services based on the use of standard MIH services”

<<This needs rewording. It is not clear what is meant by this statement.>>

 

The IAB link indications draft makes a kind of a requirement statement that the service provided has to be 'valid', not just signed. So the assumption here is that the standard protocol with well defined services will provide valid results.

 

3.1.6 Use Case 4

“The MN is located in either the visited or in the home network, and the PoS is located in a 3rd party network”.

<<Even before thinking of security issues for this use case, we need to think whether this is a realistic scenario. How or why would an untrusted 3rd party network provide mobility services to a MN in its home/visited network? There is no assumption that network specific information is shared between the 3rd party network and the home/visited network. >> 

 

This might represent the ipunplugged, birdstep, divitas, trellia, etc. type of use cases, where the MN has a mobility provider that is an 'Internet service' with that service's client installed, but the MN would be at home on a traditional operator's network. These clients work by using the MN's available information, and integrating something like 802.21 with MIP or SIP or other mobility solutions at higher layers.

 

3.1.7 Use case 5

“The MN is accessing the IS while the MN is not unauthenticated to the network”

<<Reword to: The MN is accessing the IS while the MN is not authenticated to the network>>

 

Yes thanks.

 

 Rahul Sinha
Samsung Electronics
 

------- Original Message -------
Sender : Meylemans, Marc<Marc.Meylemans@INTEL.COM>
Date   : Jan 09, 2008 15:01 (GMT+09:00)
Title  : Re: [802.21] Security SG: Reminder for TR contribution

All,

I posted rev 0.4 of the MIH Security Technical Report on the new
document control website.
I incorporated Michael's and Maryna's contribution on MIH level security
(21-08-0011-00-0Sec-MIH_Service_Security.doc) in Section 3 (and Annex B)
of the TR.

Please review and provide feedback.

Thanks,
-Marc Meylemans

-----Original Message-----
From: Yoshihiro Ohba [mailto:yohba@TARI.TOSHIBA.COM] 
Sent: Tuesday, January 08, 2008 5:41 AM
To: STDS-802-21@LISTSERV.IEEE.ORG
Subject: Re: [802.21] Security SG: Reminder for TR contribution

Upon a request of Editor, the deadline is extended to today (Jan 8),
AOE.

Best Regards,
Yoshihiro Ohba

On Fri, Jan 04, 2008 at 09:45:42AM -0500, Yoshihiro Ohba wrote:
> Submission Deadline is January 7, 2008, AOE (Anywhere on Earth).

> After the deadline, I'll submit agenda for Security SG meeting in Taipei.

> Yoshihiro Ohba




 
 
Rahul Sinha, Ph. D
Senior Engineer,
Samsung Electronics