Requirements for Message Access Control

The information below is for an old version of the document
Document Type Active Internet-Draft (individual)
Authors Trevor Freeman  , Jim Schaad  , Patrick Patterson 
Last updated 2014-02-13
Replaces draft-freeman-message-access-control-req
Stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state I-D Exists
Responsible AD (None)
Send notices to (None)
Network Working Group                                         T. Freeman
Internet-Draft                                           Microsoft Corp.
Intended status: Informational                                 J. Schaad
Expires: August 17, 2014                         Soaring Hawk Consulting
                                                            P. Patterson
                                       Carillon Information Security Inc
                                                       February 13, 2014

                Requirements for Message Access Control


  S/MIME has a proven track record in delivering confidentiality,
  integrity and data origination authentication for email. However,
  there are many situations where organizations want robust access
  control applied to information in messages. The Enhanced Security
  Services (ESS) RFC5035 for S/MIME defines an access control mechanism
  for email, but the access check happens after the data is decrypted by
  the recipient, which devalues the protection afforded by the
  cryptography and provides very weak guarantees of policy compliance.
  Another major issue for S/MIME is its dependency on a single type of
  identity credential, an X.509 certificate. Many users on the Internet
  today do not have X.509 certificates and therefore cannot use S/MIME.
  Furthermore, the requirement that the sender discover the X.509
  certificate for every recipient of an encrypted message has proven to
  be an unreliable process for a number of reasons.

  This document presents requirements for an alternative model to ESS to
  address the identified issues with access control to deliver more
  robust compliance with S/MIME protected messages. This document
  describes an access control model which uses cryptographic keys to
  enforce access control policy decisions, where the policy check is
  performed prior to the decryption of the message contents. The model
  also abstracts the specifics of the authentication technology, thereby
  removing the dependency on X.509 certificates and making it possible
  for other forms of credential to be used for S/MIME, enabling much
  broader adoption. This model can be instantiated in many areas using
  existing standards, or with only minor updates to existing standards.
  This model is not intended to be a one-off just for email and can also
  be applied to other data types. The model also removes the dependency
  on the need to discover encryption certificates at send time.
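
  The difference between checking policy after decryption and releasing
  the key only after the policy check, as an added sketch that is not
  part of the draft. All names (ess_style_open, KeyReleaseServer, the
  claim strings) are hypothetical, and the SHA-256 keystream is a toy
  stand-in for real CMS encryption.

```python
import hashlib
import secrets

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy SHA-256 counter-mode keystream; stands in for real CMS encryption."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def ess_style_open(recipient_key, ciphertext, required, claims, client_enforces):
    """ESS-style flow: the recipient holds the key, so decryption comes first
    and the label check is whatever the client chooses to do afterwards."""
    plaintext = xor_stream(recipient_key, ciphertext)
    if client_enforces and not set(required) <= set(claims):
        raise PermissionError("label check failed after decryption")
    return plaintext

class KeyReleaseServer:
    """Hypothetical policy point: holds each content key and releases it only
    after the policy check passes. Claims may come from any credential type."""
    def __init__(self):
        self._keys = {}  # message id -> (content key, required attributes)

    def protect(self, plaintext, required):
        msg_id, cek = secrets.token_hex(8), secrets.token_bytes(32)
        self._keys[msg_id] = (cek, frozenset(required))
        return msg_id, xor_stream(cek, plaintext)

    def release_key(self, msg_id, claims):
        cek, required = self._keys[msg_id]
        if not required <= set(claims):
            raise PermissionError("policy denied; key not released")
        return cek

def demo():
    # Constructed sample data: message body, policy attributes, weak claims.
    body, policy = b"constructed sample message body", {"org:example", "clearance:b"}
    outsider = {"org:example"}  # lacks the clearance attribute
    key = secrets.token_bytes(32)
    # A client that skips the post-decryption check still gets the plaintext.
    leaked = ess_style_open(key, xor_stream(key, body), policy, outsider, False)
    server = KeyReleaseServer()
    msg_id, ct = server.protect(body, policy)
    try:
        server.release_key(msg_id, outsider)
        denied = False
    except PermissionError:
        denied = True
    opened = xor_stream(server.release_key(msg_id, policy), ct)
    return leaked == body, denied, opened == body
```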

  The name Plasma was assigned to this effort as part of the IETF
  process. It is derived from PoLicy enhAnced Secure eMAil.

Status of this Memo


Freeman, et al.         Expires August 17, 2014                 [Page 1]
Internet-Draft  Requirements for Message Access Control  February 13, 2014

  This Internet-Draft is submitted in full conformance with the
  provisions of BCP 78 and BCP 79.

  Internet-Drafts are working documents of the Internet Engineering Task
  Force (IETF), its areas, and its working groups.  Note that other
  groups may also distribute working documents as Internet-Drafts.  The
  list of current Internet-Drafts is at

  Internet-Drafts are draft documents valid for a maximum of six months
  and may be updated, replaced, or obsoleted by other documents at any
  time.  It is inappropriate to use Internet-Drafts as reference
  material or to cite them other than as "work in progress."

  The list of current Internet-Drafts can be accessed at

  The list of Internet-Draft Shadow Directories can be accessed at

Copyright Notice

  Copyright (c) 2014 IETF Trust and the persons identified as the
  document authors.  All rights reserved.

  This document is subject to BCP 78 and the IETF Trust's Legal
  Provisions Relating to IETF Documents
  ( in effect on the date of
  publication of this document.  Please review these documents
  carefully, as they describe your rights and restrictions with respect
  to this document.  Code Components extracted from this document must
  include Simplified BSD License text as described in Section 4.e of the
  Trust Legal Provisions and are provided without warranty as described
  in the Simplified BSD License.



Table of Contents

   1 Policy Based Management Vocabulary . . . . . . . . . . . . . . .  4
   2 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . .  6
   3. Access Control Models . . . . . . . . . . . . . . . . . . . . . 10
     3.1 Generic Access Control Model . . . . . . . . . . . . . . . . 11