IEEE - The Institute of Electrical and Electronics Engineers@ Inc.
Latest
IEEE 1244.2-2000
Scope
The IEEE Session Security@ Authentication@ and Initialization Protocol (SSAIP) is used by the IEEE Media Manager (MM) when a Media Management System (MMS) Client or an MMS Module wishes to connect to the MM.The SSAIP provides identification@ and if desired authentication@ of the client@ which is a requirement to obtain access to the services of the MM in compliance with the MMS security model. The SSAIP also establishes parameters of the communications between the MMS Client and the MMS Module thereafter@ such as language and language type. This standard describes the syntax and semantics of the protocol messages that pass between the MMS client or MMS module and the MM. Since this protocol is only used in the context of the MMS@ this standard cannot be understood without a thorough understanding of its architecture as described in IEEE Std 1244.1-2000. In addition@ the protocols that are implemented on top of the SSAIP protocol are described in IEEE Std 1244.3- 2000@ IEEE Std 1244.4-2000@ IEEE Std 1244.5-2000@ IEEE P1244.6@ and IEEE P1244.7.The actual security features of the SSAIP rely upon SSL3@ X.509@ and assume the default (but not mandated) use of SHA within the X.509 certificates. The SSAIP provides for the optional use of SSL@ to achieve privacy of communications@ when such privacy is desired or necessary. The SSAIP allows for various levels of authentication of the parties involved in the communication@ ranging from none@ to the use of passwords@ to the use of X.509 certificates. This means it is possible with this proposal to have no privacy and no authentication@ privacy without any authentication@ highly assured authentication and no privacy@ etc. Note that the assurance of using X.509 certificates and SHA or similar signatures for authentication remains secure@ i.e.@ the authentication cannot be compromised@ without the use of SSL. Not using SSL simply means that the communication may not remain private. Also note that the use of passwords together with SSL is secure?? the only weakness in this approach is the setting up of the passwords in the first place@ a process which is outside the scope of this standard. Some typical applications@ where security considerations may be found to differ@ may be as follows: a) Home office: Isolated machine or machines using automated backup to a very small CD-RW or 8 mm library@ requiring no privacy and no authentication. A vendor of such a facility can still be MMS-standards compliant. b) Typical in-house business: With checked authentication of the client (to safeguard against careless accidents)@ but no server authentication and no privacy (U.S. law comes close to guaranteeing lack of privacy in the work situation). c) DOD classified site: High-assurance authentication of the client is required in order to enforce ??need to know@?? but little or no authentication of the server is needed@ nor is privacy needed@ because the network is physically protected. d) Business-to-business over the public Internet: Privacy is needed@ as well as highly assured authentication of the client to the server@ and the server to the client.
IEEE 1244.2-2000 history
2000IEEE 1244.2-2000 Standard for Media Management Systems (MMS) Session Security@ Authentication@ Initialization Protocol (SSAIP) (IEEE Computer Society)