Enterprise and Information
An important feature of the architecture is an organised way of
looking at a problem, or a system, that emphasises different concerns.
These are known as "projections" or "viewpoints". The two most
important for security are "enterprise" which is generally concerned
with purpose, and "information" which is generally concerned with
meaning.
- Purpose and Meaning
- Enterprise defines the meaning of "security"
  Each organisation has its own security requirements, and often its
  own interpretation of the meaning of the words.
  - Policy: objectives, missions, constraints
    What the organisation wants to achieve, how it intends to achieve
    its objectives, and the rules (often external: legal or contractual)
    that it must follow.
  - Soundness
    It is important to avoid using "following the rules" as the
    definition of security. It is essential to be able to question
    whether or not following the rules actually gives you security.
  - Evolution towards security, stability
    Existing systems, including the WWW, are not secure now, and
    shutting everything down and restarting with security in place is
    not an option. Mechanisms that evolve towards a secure state have
    the added benefit that the system can be repaired after a security
    breach.
  - Federation, multiple policies, conflicts
    In the WWW, and in distributed systems in general, different
    organisations have different policies and there is no hierarchy
    above them to resolve the conflicts. Security must be designed to
    work in this world; it can neither change nor ignore it.
  - Obligations: responsibility, accountability, liability
    Distinguish who must do, who must explain, and who must pay,
    especially when something goes wrong.
  - Agents, activities, resources: permitted relationships
    Giving rights over resources to agents (principals, people, whatever
    entity does the work) is common, but not always appropriate. In
    commercial environments the emphasis is often on ensuring that the
    correct procedure is followed, so rights over resources should be
    granted to activities rather than to agents (in this context agents
    have rights to perform activities). See Clark and Wilson, "A
    Comparison of Commercial and Military Computer Security Policies",
    Proc. 1987 IEEE Symposium on Security and Privacy.
  - Administrations and authority structures
  - Proxies, delegation
    Proxies in use now in the WWW are simpler than those in general
    distributed systems: they effectively act as repeaters and do
    nothing complicated. Even so, there is the question of what rights
    the client gives to the proxy. Letting the proxy identify itself as
    the client is not a good solution; fine-grained control of delegated
    rights is needed.
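As an added illustration of fine-grained delegation (this is not code from these notes, and the token format, field names and shared key are assumptions made for the example), the Python below has a client issue the proxy a signed delegation naming the proxy, the permitted actions and an expiry. The origin then checks each request against that scope and records the proxy as acting for the client, rather than the proxy presenting itself as the client.

```python
"""Added example, not from the original notes: a client delegates a narrow,
time-limited set of rights to a proxy instead of letting the proxy present
itself as the client. Token layout and field names are assumptions."""
import hashlib
import hmac
import json

# Constructed demo key shared by the client (issuer) and the origin (verifier).
DEMO_KEY = b"constructed-demo-key-not-for-real-use"


def issue_delegation(client, proxy, scope, ttl, now, key=DEMO_KEY):
    """Client side: sign a delegation naming the proxy, its scope and an expiry.

    scope is a list of {"method": ..., "prefix": ...} rules; anything not
    listed is not delegated. The body is canonicalised before tagging so
    the verifier recomputes exactly the same bytes.
    """
    body = {"client": client, "proxy": proxy, "scope": scope, "exp": now + ttl}
    raw = json.dumps(body, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, raw.encode(), hashlib.sha256).hexdigest()
    return raw + "." + tag


def verify_delegation(token, key=DEMO_KEY):
    """Return the delegation body if the tag verifies, otherwise None."""
    raw, sep, tag = token.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(key, raw.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None
    return json.loads(raw)


def authorise(token, proxy, method, path, now, key=DEMO_KEY):
    """Origin side: may this proxy perform this action on the client's behalf?

    Returns (decision, reason). The reason keeps both identities so the
    audit trail shows the proxy acting for the client, not impersonating it.
    """
    d = verify_delegation(token, key)
    if d is None:
        return ("deny", "invalid delegation tag")
    if d["proxy"] != proxy:
        return ("deny", "delegation was not issued to this proxy")
    if now > d["exp"]:
        return ("deny", "delegation expired")
    for rule in d["scope"]:
        if rule["method"] == method and path.startswith(rule["prefix"]):
            return ("allow", f"{proxy} acting for {d['client']}: {method} {path}")
    return ("deny", "action outside delegated scope")


def demo():
    """Exercise the checks with a constructed delegation; returns decisions."""
    now = 1_000_000
    token = issue_delegation(
        client="alice", proxy="cache-proxy",
        scope=[{"method": "GET", "prefix": "/docs/"}], ttl=300, now=now)
    # Flip the last hex digit of the tag to simulate a modified token.
    tampered = token[:-1] + ("0" if token[-1] != "0" else "1")
    return {
        "in_scope": authorise(token, "cache-proxy", "GET", "/docs/a.html", now + 10)[0],
        "wrong_method": authorise(token, "cache-proxy", "POST", "/docs/a.html", now + 10)[0],
        "other_path": authorise(token, "cache-proxy", "GET", "/admin/", now + 10)[0],
        "other_proxy": authorise(token, "other-proxy", "GET", "/docs/a.html", now + 10)[0],
        "expired": authorise(token, "cache-proxy", "GET", "/docs/a.html", now + 600)[0],
        "tampered": authorise(tampered, "cache-proxy", "GET", "/docs/a.html", now + 10)[0],
    }
```

The design choice worth noting is that the delegation is bound to a named proxy and to specific actions, so a token that leaks to a different proxy, or is used for an action the client never delegated, is refused; the client's own credentials are never handed over.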
  - Trust
    There are different kinds of trust: I trust my doctor with my
    medical records, I trust my bank with my money. Trust is not a
    simple yes/no, nor even a linear scale. Identifying for what
    purpose, and how much, one party needs to trust another is the key
    to establishing a workable security policy.
- Information
  - Data / Information: representation and interpretation
    There are many issues here, not least the basis for using
    cryptography. Why is cyphertext less sensitive than the plaintext it
    was generated from?