IEF-RA 2.0b2 FTF

IEFRA2 — Weaknesses & Gaps Sec 1.7.3

  • Key: IEFRA2-80
  • Status: open  
  • Source: Advanced Systems Management Group Ltd. (Mr. Michael Abramson)
  • Summary:

    "10.3 Weaknesses & Gaps
    ● No Explanation of Why XACML, DDS, and XMPP Were Chosen
    ○ The section assumes the reader understands why these standards are relevant but does not explain their importance to IEF-RA.
    ○ Why is XACML chosen for access control? What does DDS bring to ISMB? How does XMPP support messaging?
    ○ A brief sentence connecting these choices to IEF-RA’s security model would add value.
    ● No Mention of Other Standards That Could Complement IEF
    ○ Does IEF-RA leverage or align with other security or messaging standards? (e.g., OAuth, OpenID Connect, STIX/TAXII for threat intelligence, or MQTT for IoT data exchange?)
    ○ This could help readers understand the broader compatibility of IEF-RA.
    ● PPS and PAP Are Listed as Needing Specifications, But No Details on Scope
    ○ The section states that PPS and PAP require specifications, but it does not clarify what aspects need to be defined.
    ○ For instance:
    ■ PPS: What specific data policies need to be ingested? What security controls should it enforce?
    ■ PAP: How should users administer policies? What interfaces or protocols will be supported?
    Suggest: "Each IEF component has or will have a dedicated specification defining its detailed operation. Some components align with existing standards, while others require new public specifications to be developed.
    Existing Standards Supporting IEF-RA:
    The following specifications address core IEF requirements:
    ● PDP & Access Control: XACML v3 (or higher) provides a well-defined policy language for access control decisions.
    ● Information Exchange Packaging: The Information Exchange Packaging Policy Vocabulary (IEPPV) defines an ontology and UML profile for expressing information-sharing and safeguarding (ISS) policies.
    ● Interoperable Secure Messaging Bus (ISMB): DDS (Data Distribution Service) and XMPP (Extensible Messaging and Presence Protocol) provide interoperable messaging mechanisms for IEF implementations. XACML was chosen for its granular policy-based access control model, DDS enables scalable, real-time data exchange, and XMPP supports lightweight, extensible messaging—all critical to IEF-RA’s security and interoperability goals.
    Components Requiring New Specifications:
    The following IEF components require formal public specifications to ensure interoperability and compliance:
    1. Policy-based Packaging Service (PPS): Needs a service specification defining how data policies (aligned with IEPPV) are ingested and enforced at the data level.
    2. Policy Administration Point (PAP): Requires a specification outlining how administrators manage and configure policies, ensuring alignment with user-defined rules and system security requirements.
    Future work on these specifications will define interfaces, policy models, and enforcement mechanisms, ensuring that PPS and PAP integrate seamlessly within IEF-RA’s policy-driven architecture.""

  • Reported: IEF-RA 2.0a1 — Mon, 4 Aug 2025 16:39 GMT
  • Updated: Mon, 4 Aug 2025 16:54 GMT