Requirements for Message Access Control
draft-freeman-message-access-control-req-03
Document | Type |
Replaced Internet-Draft
(individual)
Expired & archived
|
|
---|---|---|---|
Authors | Trevor Freeman , Jim Schaad, Patrick Patterson | ||
Last updated | 2012-04-16 (Latest revision 2011-10-20) | ||
Replaced by | draft-freeman-plasma-requirements | ||
RFC stream | (None) | ||
Intended RFC status | (None) | ||
Formats | |||
Stream | Stream state | (No stream defined) | |
Consensus boilerplate | Unknown | ||
RFC Editor Note | (None) | ||
IESG | IESG state | Replaced by draft-freeman-plasma-requirements | |
Telechat date | (None) | ||
Responsible AD | (None) | ||
Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
There are many situations where organizations want to protect information with robust access control, either for implementation of intellectual property right protections, enforcement of information contractual confidentiality agreements or because of externally imposed legal regulations. The Enhanced Security Services (ESS) for S/MIME defines an access control mechanism which is enforced by the recipients client after decryption of the message. The ESS mechanism therefore is dependent on the correct access policy configuration of every recipients client. This mechanism also provides full access to the data to all recipients prior to the access control check which is considered to be inadequate for due to the difficulty in demonstrating policy compliance. This document lays out the deficiencies of the current ESS security label, and presents requirements for new model for doing access control to messages where the access check is performed prior to message content decryption. This new model also does not require policy configuration on the client to simplify deployment and compliance verification. The proposed model additionally provides a method where non-X.509 certificate credentials can be used for encryption/decryption of S/MIME messages.
Authors
Trevor Freeman
Jim Schaad
Patrick Patterson
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)