Re: [2600] FPP-A draft 28a posted
Brian,
As usual, you've done a lot of work between the meetings!
Please find bellow my remarks concerning
http://grouper.ieee.org/groups/2600/drafts/ProtectionProfiles/P2600.1-28a.pdf
Page 10:
You say
D.FUNC.TEMP:Job instructions or job status inquiries
D.FUNC.STORED: Job logs
From your models one may deduce that the difference between D.FUNC.TEMP and D.FUNC.STORED is the state.
I think job instructions and job logs should not be mixed under D.FUNC.
The user can decide which are his job instructions but he is not allowed to modify accounting data.
Line 17, page 16:
why you consider only D.FUNC.TEMP. We can also have D.DOC.TEMP
why you consider only D.FUNC.STORED? You can also have D.DOC.STORED
Page 20:
For D.FUNC.TEMP you allow U.DELEGATE but not for D.FUNC.STORED. Why?
why you consider that S.PRT may write on behalf of U.ORIGINATOR if data was created on behalf of
U.ORIGINATOR for D.FUNC.TEMP and you allow only read for D.FUNC.STORED?
I think that the problem comes from the fact that you mix job logs with job instructions.
page 36:
why you consider only D.FUNC.TEMP. We can also have D.DOC.TEMP
why you consider only D.FUNC.STORED? You can also have D.DOC.STORED
page 39
why you consider that S.SCN may write on behalf of U.ORIGINATOR if data was created on behalf of
U.ORIGINATOR for D.FUNC.TEMP and you allow only read for D.FUNC.STORED? Same for the other models (DSR, for instance)
page 133?
In the SMI model you consider only the Administrator? I suppose that the regular user can use this interface?
Best regards,
_________________________________________________________
Carmen AUBRY,
GSNA, CISSP
Oce Print Logic Technologies S.A. -R&D -http://www.oce.com
Phone: +33 (0)1 48 98 80 22 - Fax: +33 (0)1 48 98 54 50
1, rue Jean Lemoine - BP 113 - 94015 Créteil Cedex - FRANCE
_________________________________________________________
-----Original Message-----
From: Brian Smithson [mailto:Brian.Smithson@RICOH-USA.COM]
Sent: Saturday, June 23, 2007 5:01 PM
To: STDS-2600@listserv.ieee.org
Subject: Re: [2600] FPP-A draft 28a posted
For those of you who prefer, here also is a version of the FPP that does not have changes marked:
http://grouper.ieee.org/groups/2600/drafts/ProtectionProfiles/P2600.1-28a_
ncb.pdf
Regards,
--
Brian Smithson
Project Manager
PMP, SSCP, CISSP, CISA, ISO 27000 PA
Advanced Imaging and Network Technologies Ricoh Americas Corporation
(408)346-4435
> -----Original Message-----
> From: Brian Smithson
> Sent: Friday, June 22, 2007 4:50 PM
> To: STDS-2600@listserv.ieee.org
> Subject: [2600] FPP-A draft 28a posted
>
> I have posted an updated draft of the Family of PPs for environment A.
>
> There are quite a few changes, and change marks were enabled during
> editing. This fulfills a bunch of action items: 348, 350, 354, 355,
> 356, 357. 358, and 359.
>
> You can download the draft here:
> http://grouper.ieee.org/groups/2600/drafts/ProtectionProfiles/
> P2600.1-28a.
> pdf
>
> Regards,
> --
> Brian Smithson
> Project Manager
> PMP, SSCP, CISSP, CISA, ISO 27000 PA
> Advanced Imaging and Network Technologies Ricoh Americas Corporation
> (408)346-4435
>
>
This message and attachment(s) are intended solely for use by the addressee and may contain information that is privileged, confidential or otherwise exempt from disclosure under applicable law.
If you are not the intended recipient or agent thereof responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited.
If you have received this communication in error, please notify the sender immediately by telephone and with a 'reply' message.
Thank you for your co-operation.