Draft principles and framework for CAP identifiers Tony Rutkowski Cybersecurity Rapporteur (ITU-T Q.4/17) V1.0, 21 Jun 2009 WORLD METEOROLOGICAL ORGANIZATION WMO INFORMATION SYSTEM (WIS) WIS Common Alerting Protocol (CAP, X.1303) Implementation Workshop Geneva, Switzerland, 22-23 June 2009


Draft principles and framework for CAP identifiers

Tony Rutkowski
Cybersecurity Rapporteur (ITU-T Q.4/17)

V1.0, 21 Jun 2009

WORLD METEOROLOGICAL ORGANIZATION
WMO INFORMATION SYSTEM (WIS)

WIS Common Alerting Protocol (CAP, X.1303) Implementation Workshop

Geneva, Switzerland, 22-23 June 2009


Why cooperate globally

CAP can be used by anyone for anything, anywhere, at any time
– No way to control CAP use

However…

Common interests may exist among user communities regarding “CAP identifiers” concerning
– Creation
– Administration
– Discovery
– Verification
– Use


CAP Identifier Value Propositions

Enhance the value of the CAP messages
– Enable widespread sharing of the related event information
– Enable analysis of events over long periods of time

Enhance the security of CAP messages
– Enable information associated with the message to be obtained for verification

Enhance the flexibility of CAP messages
– Enable new or additional information associated with the message to be obtained, e.g., message status


What are CAP identifiers

message schema or module identifier

individual message identifier

associated event identifier

identifiers for the entities (persons, organizations, or objects, physical or virtual) associated with the handling chain of the message
– Creator (source)
– Sender
– Conveyor
– Recipient

identifiers for policies associated with the message

message language identifier


Identifier Principles - Mandatory

CAP identifiers MUST be globally unique in a common namespace

The CAP identifier common namespace MUST accommodate distributed, autonomous, dynamic, extensible CAP uses and communities.

CAP identifiers MUST be structured to enable autonomous, distributed global discovery through hierarchical recursive queries in the hierarchy.

CAP identifiers MUST NOT exceed a length of [TBD] or a hierarchical depth exceeding [TBD] levels


Identifier Principles - Optional

CAP identifiers SHOULD have minimal internationalization impediments, e.g., consist of numbers

CAP identifiers SHOULD be structured so that usage, geographical, jurisdictional, and global hierarchical assignments can exist concurrently in the overall namespace (see next slide)

Registrars that assign CAP identifiers SHOULD obtain, with levels of assurance sufficient for the application, information concerning the registrants or objects to which the identifiers are assigned

Registrars that assign CAP identifiers SHOULD, as appropriate for the application or usage, support common structured query-response availability of the registrant or object information or a pointer to the information location for other users within the same community
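
An added example, not part of the original slides: one way the mandatory principles and the registrar query-response principle could be checked in code. The dotted-numeric identifier syntax, the length and depth limits (the slides leave both as [TBD]), the arc numbers and the registry contents are all assumptions constructed for illustration.

```python
MAX_LENGTH = 64  # assumed placeholder; the slides leave this limit as [TBD]
MAX_DEPTH = 8    # assumed placeholder; the slides leave this limit as [TBD]

def parse_identifier(text, max_length=MAX_LENGTH, max_depth=MAX_DEPTH):
    """Return the arcs of a dotted-numeric identifier (assumed syntax) as ints."""
    if not text or len(text) > max_length:
        raise ValueError("identifier is empty or exceeds the length limit")
    arcs = text.split(".")
    if len(arcs) > max_depth:
        raise ValueError("identifier exceeds the depth limit")
    for arc in arcs:
        # ASCII digits without leading zeros: one spelling per value, so
        # string equality and uniqueness in the namespace coincide.
        if not (arc.isascii() and arc.isdigit()) or (len(arc) > 1 and arc[0] == "0"):
            raise ValueError(f"arc {arc!r} is not a canonical number")
    return tuple(int(arc) for arc in arcs)

class Registrar:
    """One autonomous registrar: assigns arcs and delegates sub-trees."""
    def __init__(self, name):
        self.name = name
        self.records = {}      # arc -> registrant/object information or pointer
        self.delegations = {}  # arc -> Registrar responsible below that arc

def resolve(root, identifier):
    """Query one registrar per level, starting at the root of the namespace.

    Returns (record, names of the registrars asked). record is None when the
    identifier was never assigned, so a verifier can reject the message.
    """
    arcs = parse_identifier(identifier)
    registrar, asked = root, [root.name]
    for arc in arcs[:-1]:
        registrar = registrar.delegations.get(arc)
        if registrar is None:
            return None, asked
        asked.append(registrar.name)
    return registrar.records.get(arcs[-1]), asked

def build_sample_registry():
    """Constructed data: a root, a hypothetical CAP arc 9 and one country arc."""
    root, cap, country = Registrar("root"), Registrar("cap"), Registrar("country-41")
    root.delegations[9] = cap
    cap.delegations[41] = country
    country.records[7] = {"registrant": "Example Met Service", "role": "Sender"}
    return root
```

A recipient that gets `None` back for a sender identifier has no registrant information to verify the message against, which is the case the security value proposition is meant to catch.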


Namespace Hierarchy Alternatives

[Figure: namespace tree diagrams for four alternatives: Geography-Jurisdiction Centric, Use Centric, CAP Exclusive, Hybrid. The trees have numbered arcs and levels labelled Countries, Applications and Users.]

CAP Exclusive: An exclusive CAP Arc (Domain) for all CAP implementations

Hybrid: Some combination