Dashboard > Identification and Authentication credentials > Home > Control
  Identification and Authentication credentials Log In   View a printable version of the current page.  
Added by Jose REMY, last edited by Jose REMY on Jul 16, 2007

CONTROL security level

  1. Common Control framework CommonCtlFramework
  2. openOSI Control framework openosiCtlFramework
  3. openOSI Control Functions openosiCtlFunctions
  4. openOSI Control Implementation openosiCtlImplementation

Common Control framework


When building an Internet of trust all partners are concerned by the Control level which is defined as follows:

  1. Auditing
    • logging
    • logging analysis
    • Archiving
  2. Quality control
    • Documentation
    • Procedures and formal business processes
    • Quality framework such as ISO-9000 series
    • Security framework such as Common Criteria
      • Risk assessment
      • Security target (Description of security functionality & associated requirements)
      • Protection profiles (Set of security requirements & associated Evaluation Assurance Level - EAL)
      • Evaluation Assurance levels EAL-1 to EAL7
  3. Intellectual Property Management (IPR)
    • License
    • Digital rights management (DRM) and Enterprise-DRM - X.509 aware
      • Open Digital Rights Language (ODRL)
      • eXtensible rights Markup Language XrML - (MPEG-21) ISO/IEC 21000-5 standard
  4. Privacy protection procedures

The overall objective of the Control security level is to give a feed back of Identification, Authentication and Authorization processes efficiency against risk analysis and constraints of ethic and law for privacy protection. Therefore the Control security level is mainly the place for definition of security policies

Digital rights management and Control level

When DRM are implemented in such a way: copy protection and technical protection measures are enforced, the related processes belong to the Authorization security level.

openOSI Control framework: openOSI as Identity provider


openOSI Control level is related to its management of openOSI directory, holding virtual identities with strong identifiers.

Virtual identity

This is a core openOSI concept. In many operations over Internet, there is no need to deal with a real identity. What is needed is :

  • To ensure that behind a virtual identity a human exists (otherwise its a host, a service, a document or a media)
  • The virtual identity has attached resources
  • The virtual identity has an acceptable duration
  • The virtual identity has the required attributes

A virtual identity is defined as a fragment of a real identity targeted to a field of interest, and to the underlying "space of exchanges". I believe that development of virtual identities is an enabling framework for Internet2 development (An Internet of services). It is also a core element of privacy enhancement technologies, which foster and ease acceptability of controls developed for a web of trust. That is personal risk assessment leads to fragment risks linked to Internet activities (Fishing, children abuse, identity theft, hijacking of private data collected for an accepted purpose, unlawful use of private data regarding notably archiving ....)

openOSI Control functions


openOSI helps Control process with the following resources:

openOSI Control implementation


openOSI relies on the following LDAP directory
openOSI directory

  • directory.openosi.org
    • CN=directory.openosi.org
    • OU=VirtualHost
    • DC=openosi
    • DC=org

  • LDAP
  • LDAPS port tcp:636
openOSI Base DN

  • OU=VirtualPeople
  • DC=openosi
  • DC=org
DNSSEC trust anchor

Site powered by a free Open Source Project / Non-profit License (more) of Confluence - the Enterprise wiki.
Learn more or evaluate Confluence for your organisation.
Powered by Atlassian Confluence, the Enterprise Wiki. (Version: 2.4.2 Build:#703 Mar 12, 2007) - Bug/feature request - Contact Administrators