189: Loose Integration and Security

XMLWordPrintable

    • Type: Improvement
    • Resolution: Fixed
    • Priority: Trivial
    • wd19
    • Affects Version/s: csd01 - Public Review Draft
    • Component/s: spec
    • None
    • Hide

      Added to following to the end of the Architectural Background.

      Loose integration using the SOA style assumes careful definition of security requirements between partners. Size of transactions, costs of failure to perform, confidentiality agreements, information stewardship, and even changing regulatory requirements can require similar transactions be expressed within quite different security contexts. It is a feature of the SOA approach that security is composed in to meet the specific and evolving needs of different markets and transactions. Security implementation must be free to evolve over time and to support different needs. Energy Interop allows for this composition, without prescribing any particular security implementation.

      Show
      Added to following to the end of the Architectural Background. Loose integration using the SOA style assumes careful definition of security requirements between partners. Size of transactions, costs of failure to perform, confidentiality agreements, information stewardship, and even changing regulatory requirements can require similar transactions be expressed within quite different security contexts. It is a feature of the SOA approach that security is composed in to meet the specific and evolving needs of different markets and transactions. Security implementation must be free to evolve over time and to support different needs. Energy Interop allows for this composition, without prescribing any particular security implementation.

      Loose integration in different ownership domains (per the SOA-RA, 2751) needs further clarification pertaining to security to make it clear that that EI can embrace a security model that explicitly covers the IRC's concerns around Confidentiality, Integrity, Availability (per NERC CIP, http://www.nerc.com/page.php?cid=2|20). See IRC model (http://www.oasis-open.org/apps/org/workgroup/energyinterop/download.php/39898/IRC%20Smart%20Grid%20EA%20Models%202010-10-14_Rev1-FinalRelease.zip) for details of how the spec is expected to allow compliance with the NERC CIP standards for Information Protection.

            Assignee:
            Toby Considine (Inactive)
            Reporter:
            Edgardo Luzcando (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved: