[LinkSec] Thoughts on high-level requirements




In our last teleconference we all seemed to agree that it would be useful to look at business model requirements as a way to ensure that the technical requirements we settle on are all addressing important business concerns.

It seems to me that there are really two or more business models we could try to address.  For example, service providers want to prevent theft of services and protect customers from each other, while enterprises may want us to help solve a different set of access control problems, and government may want to rely on us to help ensure that certain sensitive-but-unclassified data is secure from users who don't need-to-know, and thus are not authorized (by law) to gain access.

Some questions arise: Do we pick one model and ignore the others?  Do we try to come up with a one-size-fits-all set of technical requirements that will address all of the business concerns of all of the models?  Do we create a set of (not mutually incompatible) standards, one for each model?

Another area of high-level requirements related to the above, but interesting in its own right, is whether we do link security only as a perimeter-defense, or pervasively throughout the network.  If we simply defend the perimeter, then each MAC address (for example) can be associated with a user, but if we are also supposed to secure the spanning-tree protocols and other communications between bridges, then some devices are not operating on behalf of any specific user.  

Again: Do we do perimeter-defense and ignore the internal communications?  Do we try to come up with a comprehensive set of technical requirements that will address both sets of concerns?  Do we create a pair of (not mutually incompatible) standards, one for each model?