Minutes of the POSIX 1003.6 security working group meeting held in Denver, Colorado on the 
12-16th July 1993.

Monday 12th July 1993, AM, Plenary session with 1003.22

Lynne Ambuel, in the chair.

The committee welcomed Rich Harris of Boeing. Members of the committee introduced themselves 
and their interest in POSIX 1003.6. Jon Spencer has undertaken the liaison function with the NIST 
common authentication working group.

Federal criteria - 20,000 comments suggested, a number of small workshops held to discuss major 
issues during the July 2-3 session. Briefed in February to EC. NIST and CEC agreed to work together 
to form one criteria the "common criteria". By end of month it is intended to publish a report giving a 
plan for evolution of the draft Federal criteria to take into account comments from industry. A 
common criteria editorial board (CCEB) has been established to progress the common criteria, it is 
proposed that a technical working groups with links from industry may be established to deal with 
specific areas of harmonisation. Comments will still be accepted on the Federal Criteria. 130 initial 
sets of comments, since the workshop a further 40 sets of comments have been received.

Authentication - Agreed to hold a plenary session to discuss authentication and related security 
services on Thursday morning. The fax from Piers McMahon will be distributed for the information 
of the working group.

Mailing lists and publicity - Agreed that 1003.6 mailing list distribute all materials including those 
from subgroups. The 1003.22 and subsequent subgroup mailing lists should carry material only for 
that subgroup, although occasional summary information should be posted. Noted that NIST have 
established a ftp archive for POSIX materials on the "brutus.ncsl.nist.gov" system in the directory 
"/home/ftp/pub/posix". Email and document archives will be stored on this system. Agreed to 
consider additional publicity for the work of the 1003.6/22 groups. The chair to arrange 
reorganisation of mailing list structure, secretary to establish ftp site. Suggested text and target email 
lists for working group prublicity material were solicited by the chair.

Plenary session, Thursday 15th July

Technical editors meeting - SGML is being proposed as the formatting language for document 
drafts. Notice about IEEE bulletin board service available currently via modem but eventually via 
internet. Vice chair of technical editing has resigned. Technical editor of 1003.6 is vacant.

Logistics - a small loss was made last  year. Cost cutting measures are being considered for future 
meeting. Asking if we can use suites rather than rooms for meetings. Noted that rooms were sold out 
this session. Part week fees were considered. Can we identify complementary groups to share 
meeting rooms. Lake Tahoe confirmed for April 1994 at Hyatt Regency in Incline Village. Options 
for July meeting are Chicago or Montana. Mailings down from 300,000 to 200,000. Asking if other 
organisations would appreciate NAPS services. August 3rd and September 14th mailing deadlines.

Ballot group - reformed by October. Revised PAR approved for forwarding to NesCom via PMC. It 
is intended to present Draft 14 to the reformed ballot group.

Ballot resolution status - planned to hold a further meeting August, with a revised ballot in 
September. Objections to encoding of MAC policy in the API interfaces, and the level of MAC 
policy independence of the interface. Open issues concerning random access to the audit trail and 
assymetry between read and write interfaces. A set of statistics on current ballot unresolved issues 
will be presented for inclusion as an annex to these minutes.



X/Open institutional representation -

Resolution:
Whereas the PASC security working group recognises that the X/Open possesses significant 
expertise in the area of security, and believes that the expertise would assist this working 
group in producing a better standard.
Resolved:
That the working group chair request that the SEC chair request X/Open to join the 1003.6 
ballot group as an IR.

Dependable computing

D.Ferbrache to take over liaison to Dependable computing BOF/Study group - copy of overview of 
areas of concern which will be addressed by the study group to be added to minutes of meeting.

Authentication and related security services

Piers McMahon has proposed that we consider endorsement of the GSS-API as the basis for 
authentication between distributed services. It is noted that the traditional UNIX authentication 
system management is being addressed by 1003.7.3 although the interfaces require standardisation. 
Proposed that this be carried forward as a discussion item to the October meeting with Piers 
providing a draft PAR outlining the scope, purpose and review criteria.

Plenary session with 1003.22, Friday 16th July

1003.6 ballot resolution group status

Progress has been made towards resolution of a number of ballot objectives. MAC policy objections 
will be addressed by directing balloters towards the definition of dominance which provides for a 
variety of implementations. Privilege has been changed to capability to comply with the ISO usage of 
this term. Aimed to submit to IEEE no later than September, ballot during October - December 
period. Persons not submitting ballots within the previous ballot group to draft 12 and 13 will not be 
invited to participate unless there is a compelling counterargument. Privilege, MAC and IL are 
considered resolved. A number of members of the ballot resolution group will be free to join in the 
discussions on new subgroups.

1003.22 subgroup report

The document structure has been planned and work items assigned. The group has met with 1003.0 
and 1003.21 to discuss liaison arrangements. A consolidated glossary of terminology has been 
generated including Federal criteria, CESG memo 1, ITSEC, ECMA, IEEE and ISO security 
architecture. The ISO security framework terminology requires integration. 1003.22 was represented 
at the Fault management study group BOF. Draft of initial concepts to be sent to ftp server, 
breakdown and mapping of security services between ISO/ECMA and IEEE security frameworks. 
Piers will continue IETF liaison with 1003.22. Planned to review work of draft and communication 
APIs. Decomposition of services supporting 1003.1 APIs. Email list is being established for 
discussion of .1 subsetting (POSIX-SUBSET@USL.COM), Cassey's work can contribute in this area.

Reports from committees

Report from SEC: the requirement for language independent specification (LIS) has been dropped for 
standards to proceed to DIS. Standards should include statements to support the provision of alternate 
language bindings. Jon Spencer proposed that subgroups consider generation of LIS specifications for 
new APIs. Security is considered fundamental to POSIX and its advised that 1003.0 and 1003.22. Jon 
Specncer is taking responsibility for SEC glossary and requested input. Noted that the GSS-API is 
being encoded in both LIS and C bindings.

Discussion of new groups

Requested that the final mailing include a statement of which groups people have committed to 
support. Aimed to have a series of proposals on the table, and to advertise these as proposed areas of 
new work. 1003.6 and 1003.22 will be treated as separate mailing lists. Proposed that 1003.6 be 
renamed the PASC security working group (SWG).

Liaisons

NIST CAA has recommended liaison with SWG.22, Jon Spencer has been nominated by NIST as this 
liaison. The SWG confirmed Jon in this role.

Agreed that the Chair write to Bellcore stating that SWG recognises the considerable contribution of 
Anthony D'Alessandro towards the SWG, and that the Chair thanks Bellcore for its support of the 
security working group.

Closure

The meeting closed at 11:50am.


Security Working Group
Document register

4/93	01	Agenda for Irvine meeting, proposed subgroups and liaison activities	J.Spencer
4/93	02	Coverage of new subgroups					L.Ambuel
4/93	03	Attendance list, Irvine						D.Ferbrache
4/93	04	Presentation slides on security framework (1003.22)			D.Rogers
4/93	05	MoD Technology demonstrator program - generic security archit.	P.McMahon
4/93	06	Security framework - submission for security domain definitions	D.Rogers
4/93	07	NIST generic cryptographic interface				S.Chang
7/93	08	Minutes of the April 1993 meeting					D.Ferbrache
7/93	09	Authentication and related security services				P.McMahon
7/93	10	Threads and security a proposal					R.Buresund
7/93	11	POSIX A&RSS Planning						P.McMahon
7/93	12	Minutes of the July 1993 meeting					D.Ferbrache

Additional annex material will follow in the next NAPS mailing:

7/93	13	Ballot statistics, July 1993						D.Ferbrache
7/93	14	1003.1 interface service decomposition				C.Schaufler
4