IEFRA2 — Weaknesses & Gaps Sec 1.7.3

"10.3 Weaknesses & Gaps
● No Explanation of Why XACML, DDS, and XMPP Were Chosen
○ The section assumes the reader understands why these standards are relevant but does
not explain their importance to IEF-RA.
○ Why is XACML chosen for access control? What does DDS bring to ISMB? How does
XMPP support messaging?
● A brief sentence connecting these choices to IEF-RA’s security model would add value.
○ No Mention of Other Standards That Could Complement IEF
○ Does IEF-RA leverage or align with other security or messaging standards? (e.g., OAuth, OpenID Connect, STIX/TAXII for threat intelligence, or MQTT for IoT data exchange?)
○ This could help readers understand the broader compatibility of IEF-RA.
● PPS and PAP Are Listed as Needing Specifications, But No Details on Scope
○ The section states that PPS and PAP require specifications, but it does not clarify what
aspects need to be defined.
○ For instance:
■ PPS: What specific data policies need to be ingested? What security controls
should it enforce?
■ PAP: How should users administer policies? What interfaces or protocols will be
supported?
Suggest: ""Each IEF component has or will have a dedicated specification defining its detailed
operation. Some components align with existing standards, while others require new
public specifications to be developed.
Existing Standards Supporting IEF-RA:
The following specifications address core IEF requirements:
● PDP & Access Control: XACML v3 (or higher) provides a well-defined policy
language for access control decisions.
● Information Exchange Packaging: The Information Exchange Packaging Policy
Vocabulary (IEPPV) defines an ontology and UML profile for expressing
information-sharing and safeguarding (ISS) policies.
● Interoperable Secure Messaging Bus (ISMB): DDS (Data Distribution Service) and XMPP (Extensible Messaging and Presence Protocol) provide interoperable messaging mechanisms for IEF implementations. XACML was chosen for its granular policy-based access control model, DDS enables scalable, real-time data exchange, and XMPP supports lightweight, extensible messaging—all critical to IEF-RA’s security and interoperability goals.
Components Requiring New Specifications:
The following IEF components require formal public specifications to ensure interoperability and compliance:
1. Policy-based Packaging Service (PPS): Needs a service specification defining how data policies (aligned with IEPPV) are ingested and enforced at the data level.
2. Policy Administration Point (PAP): Requires a specification outlining how administrators manage and configure policies, ensuring alignment with user-defined rules and system security requirements.
Future work on these specifications will define interfaces, policy models, and enforcement mechanisms, ensuring that PPS and PAP integrate seamlessly within IEF-RA’s policy-driven architecture."""