[Css-csts] RE: [Smwg] Issues regarding level of authentication and credentialsalogorithms for transfer services

John Pietras john.pietras at gst.com
Fri May 28 10:55:04 EDT 2010 

Martin,

Thank you for bringing ISP-1 into the conversation. Choosing to use ISP-1 is essentially the same as choosing the authentication algorithm. I think that it would be helpful for the CSTSFW to modify the first NOTE under 3.2.4.3 to read something like 

"The specification of the algorithms themselves is outside the scope of this Recommended Standard. However, the SLE Internet Protocol for Transfer Services (ISP-1, reference [3]), which is the default underlying communication protocol for CSTSes, specifies a particular algorithm for the generation of credentials. Any implementation that uses ISP-1 will use the credentials algorithm specified therein;"

 

This leads to the question of whether it is necessary to specify in the Service Agreement (at least conceptually) that ISP-1 is to be used, even though ISP-1 is the only existing underlying protocol for SLE transfer services and CSTSes.  For myself, I think that it can be treated as a "contractual reference", which means that it is not called out explicitly in Service Agreement data structures but is assumed to be named in supporting material. 

 

This leaves us with the remaining issue regarding the scope of declaration of authentication level: should it be done on a per-service-instance basis, or per-Serivce-Agreement? Is there some reason why some transfer service instances operating within a service package would usem for example, 'all', whie others would be 'bind' or even 'none'? That doesn't seem to make much sense to me - I would think that the Complex and the Mission would agree on one authentication level to be used for all service instances for all service packages, and record that (at least conceptually) in the Service Agreement. But I'd like to hear arguments for per-service-instance declaration, if there are any.

 

Best regards,

John

 

From: Martin Götzelmann [mailto:martin.goetzelmann at vega.de] 
Sent: Friday, May 28, 2010 3:58 AM
To: John Pietras
Cc: css-csts at mailman.ccsds.org; CCSDS Service Mgmt WG
Subject: RE: [Smwg] Issues regarding level of authentication and credentialsalogorithms for transfer services

 

Dear John,

 

Just a few thoughts on the subject ...

 

While the Framework Specification indeed does not "not address the mechanism for exchanging authentication and access control information associated with the creation of transfer service credentials", it does say that the default assumed communication system is ISP1 and that specification does include those definitions. If the authentication mechanisms defined in ISP1 are used then the algorithms are fixed and the only thing that needs to be exchanged is the password.

 

However, use of ISP1 is not mandatory and even if ISP1 is used it is possible not to use the weak authentication mechanism provided by ISP1 (setting the authentication level to NONE) and rather relay on a strong authentication in an underlying transport or network layer - in that case the authentication information would not be included in the credentials parameter of the CSTS operation header, but I think the approach is nevertheless in line with the Recommendation. The parameters to be agreed by management will then depend very much on the options provided by the transport or network protocol and the mechanism implemented by the protocol.

 

Regards, Martin

 

________________________________

From: smwg-bounces at mailman.ccsds.org [mailto:smwg-bounces at mailman.ccsds.org] On Behalf Of John Pietras
Sent: 27 May 2010 19:21
To: CCSDS Service Mgmt WG; css-csts at mailman.ccsds.org
Subject: [Smwg] Issues regarding level of authentication and credentialsalogorithms for transfer services

SMWG and CSTSWG colleagues ---

In performing an analysis of all of the managed parameters needed for the MD-CSTS and TD-CSTS, I came across the following paragraphs in the latest draft of the CSTS Specification Framework:

 

3.2.4.2     Complex Management and Utilization Management shall agree on the level of authentication to be required for an association between a Service User and a Service Provider and shall configure both entities accordingly.

 

3.2.4.3     Complex Management and Utilization Management shall agree on the algorithm used to generate and check credentials parameters and shall make this algorithm known to the Service User and Service Provider together with associated parameters such as passwords or keys as necessary for the selected algorithm.

 

Similar  (service-specific) statements appear in each of the SLE transfer service specifcations. These requirements have impacts on the CSTS Framework, the SLE transfer service specification, and SCCS-SM. 

 

Regarding the CSTS Framework, these requirements are not reflected in the tables in annex H, "Interactions with Management", an should they probably should. I don't think this is important enough to delay Red-1, but it should be RIDded. 

 

Regarding the SLE transfer service specification, every specification has a table 3-1 that includes (among other things) the parameters that are to be configured via Service Management. Authentication level and identification of the credentails algorithm to be used should be added to table 3-1.  (Unfortunately, the SLE books have just been reissued, so it may be awhile before these updates are made.)

 

Regarding the Service Management specification, there is no mention of the authencation level in Blue-1. It should be added in Blue-2. The question is whether it should be specified on a per-service-instance basis, or on a Service Agreement basis (that is, the same authentical level applies to all transfer serivce instances within the context of a Service Agreement). 

 

Regarding credentials generation, section 1.3.5 (LIMITATIONS, CONSTRAINTS, EXCLUSIONS AND QUALIFICATIONS) of the SCCS-SM Blue-1 specification states "This Recommended Standard does not address the mechanism for exchanging authentication and access control information associated with the creation of transfer service credentials". This "covers" us as far as the SCCS-SM specification is concerned, but begs the question of how such information *is* exchanged. Do we need a standard method for such exchanges, or is leaving it bilaterally determined okay for now?

 

Best regards,

John

 

 


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ccsds.org/pipermail/css-csts/attachments/20100528/3c9098eb/attachment.html

More information about the Css-csts mailing list