Re: Policy Terminology
Martin Lee Schoffstall <schoff@psi.com> Fri, 19 October 1990 01:26 UTC
Received: from psi.com by NRI.NRI.Reston.VA.US id aa16284; 18 Oct 90 21:26 EDT
Received: from localhost by psi.com (5.61/2.1-Performance Systems International) id AA18878; Thu, 18 Oct 90 21:10:03 -0400
Message-Id: <9010190110.AA18878@psi.com>
To: Robert Shirey <shirey@smiley.mitre.org>
Cc: spwg@NRI.Reston.VA.US
Subject: Re: Policy Terminology
In-Reply-To: Your message of Thu, 18 Oct 90 15:33:36 -0400. <9010181933.AA15757@smiley.mitre.org>
Date: Thu, 18 Oct 1990 21:10:02 -0400
From: Martin Lee Schoffstall <schoff@psi.com>
Status: O
While this is an interesting suggestion, it is a tad parochial, we may want to temper some of the definitive nature of ISO with 20 years of experiences in the ARPANET/Internet. Marty -------- At a minimum, Internet security policy and other security-related documents shoul use the internationally standardized terminology of ISO International Standard 7498/2, the OSI security architecture. For example, say "data confidentiality" instead of "data privacy". There is enough work to do without having to define terms. The draft policy reads much more like a voluntary code of ethics than a policy . Definition from 7498/2: "security policy: The set of criteria for the provision of security services".
- Policy Terminology Robert Shirey
- Re: Policy Terminology Martin Lee Schoffstall