Re: Policy Terminology

Martin Lee Schoffstall <schoff@psi.com> Fri, 19 October 1990 01:26 UTC

Received: from psi.com by NRI.NRI.Reston.VA.US id aa16284; 18 Oct 90 21:26 EDT
Received: from localhost by psi.com (5.61/2.1-Performance Systems International) id AA18878; Thu, 18 Oct 90 21:10:03 -0400
Message-Id: <9010190110.AA18878@psi.com>
To: Robert Shirey <shirey@smiley.mitre.org>
Cc: spwg@NRI.Reston.VA.US
Subject: Re: Policy Terminology
In-Reply-To: Your message of Thu, 18 Oct 90 15:33:36 -0400. <9010181933.AA15757@smiley.mitre.org>
Date: Thu, 18 Oct 1990 21:10:02 -0400
From: Martin Lee Schoffstall <schoff@psi.com>
Status: O

While this is an interesting suggestion, it is a tad parochial; we
may want to temper some of the definitive nature of ISO with 20
years of experience in the ARPANET/Internet.

Marty
--------

 At a minimum, Internet security policy and other security-related documents
 should use the internationally standardized terminology of ISO International
 Standard 7498/2, the OSI security architecture.  For example, say
 "data confidentiality" instead of "data privacy".  There is enough work to
 do without having to define terms.

 The draft policy reads much more like a voluntary code of ethics than a policy.

 Definition from 7498/2:  "security policy:  The set of criteria for
 the provision of security services".