-
Notifications
You must be signed in to change notification settings - Fork 7
BSL PIN Requirements
ckrup edited this page Jan 16, 2025
·
3 revisions
| Rqmt ID | Title | Description | Rationale | Verification |
|---|---|---|---|---|
| BSL-PIN-1-0 | Security Operation Determination | The BSL policy interface shall determine the security operations to be performed by the local BPA for a given set of blocks in a bundle. | The main entry point for the BSL on a bundle is to figure out what, if anything, needs to be processed in the bundle. | Test |
| BSL-PIN-1-1 | Security Role Determination | The BSL policy interface shall determine what security roles are performed by the local BPA for a given security operation. | The main entry point for the BSL on a bundle is to figure out what, if anything, needs to be processed in the bundle. | Test |
| BSL-PIN-1-2 | Security Operation Comparison | The BSL policy interface shall determine what security operations are expected to exist in a given bundle. | Policy at nodes identifies expected security operations in a bundle, and the absence of a required security operation is an error that may be handled through error handling and processing action. | Test |
| BSL-PIN-2-0 | Security Context Parameters | The BSL policy interface shall query security context information for a given security operation. This information includes the security context identifier and parameters. | The options of a security policy are a superset of the “parameters” which are present in the encoded security block. Options could also include choices about needed key strengths and an envelope of choices to be satisfied by crypto functions of a security context. | Test |
| BSL-PIN-2-1 | Parameter Overloading | The BSL policy interface shall query what policy-provided parameters should override parameters present in security blocks. | Security parameters may be present in a received security block but overridden as a matter of local policy. | Test |
| BSL-PIN-3-0 | Policy Side Processing | The BSL policy interface shall provide specific processing activities which are executed as part of processing a security operation. | During the processing of a single security operation, there are steps before, during, and after the BSL processing at which the BPA and the policy provider needs to be able to influence the operation. Rather than attempting to handle all possible current and future needs, the BSL delegates these behaviors to the BPA and/or policy providers which have more complete information about what needs to be done. | Test |