1 - 3 - 7 - 8 - A - B - C - D - E - F - G - H - I - J - L - M - N - O - P - Q - R - S - T - U - V - W
security
Click on the red underlined text to get to the source
... considerations, respectively.
- Sections 7 - 11 cover the Internationalization and Security
considerations as well as References, Author contact information,
and Formats for Registration Proposals.
...
... privacy using SSL3 [SSL] (the
mechanism for security configuration is outside the scope of
IPP/1.0). In some situations, both types of connections ...
... In other situations, multiple communication channels are used, one
for each type of security configuration. Section 8 provides a full
description of all security considerations and configurations.
...
... for each type of security configuration. Section 8 provides a full
description of all security considerations and configurations.
If a Printer object supports more than one communication channel ...
... some or all of those channels might support and/or require different
security mechanisms. In such cases, an administrator could expose
the simultaneous support for these multiple communication channels ...
... communication channel to the Printer object. The
"printer-uri-supported" attribute has a companion attribute, the
"uri-security-supported" attribute, that has the same cardinality as
"printer-uri-supported". The purpose of the "uri-security-supported"
...
... "uri-security-supported" attribute, that has the same cardinality as
"printer-uri-supported". The purpose of the "uri-security-supported"
attribute is to indicate the security mechanisms (if any) used for
...
... "printer-uri-supported". The purpose of the "uri-security-supported"
attribute is to indicate the security mechanisms (if any) used for
each URI listed in "printer-uri-supported". These two attributes are
...
... target for subsequent Job operations. The Printer object
generates a Job URI based on its configured security policy and the
URI used by the client ...
... URI(s).
- The Printer object's "uri-security-supported" attribute
identifies the communication channel security protocols ...
... security-supported" attribute
identifies the communication channel security protocols that may
or may not have been configured for the various Printer object
URIs ...
... URI when directing operations
at the Job object. The Printer object always uses its
configured security policy when creating the new URI. However,
if the Printer object supports more than one URI ...
... document data) would be accepted. The Validate-Job operation also
performs the same security negotiation as the Print-Job operation
(see section 8), so that a client ...
... client can check that the client and
Printer object security requirements can be met before performing a
Print-Job operation.
...
... requested attribute which is not supported. The Printer object
MAY respond with a subset of the supported attributes and
values, depending on the security policy in force. However, the
Printer object MUST respond with the 'unknown' value for any
supported attribute (including all REQUIRED attributes) for
...
... Object
Attributes for each returned Job object. The Printer object
ignores (does not respond with) any requested attribute or value
which is not supported or which is restricted by the security
policy in force, including whether the requesting user is the
user that submitted the job (job originating user) or not (see
section 8). However, the Printer object MUST respond with the '
...
... REQUIRED attributes) for which the Printer object does not know
the value, unless it would violate the security policy. See the
description of the "out-of-band" values in the beginning of
...
... IPP object ignores (does not respond with) any
requested attribute or value which is not supported or which is
restricted by the security policy in force, including whether
the requesting user is the user that submitted the job (job
originating user) or not (see section 8). However, the IPP ...
... attribute (including all RED butes) for which the IPP object
does not know the value, s it would violate the security policy.
See the description e "out-of-band" values in the beginning of
...
... generating the Job URI and the Printer object is aware of its
security configuration and policy as well as the Printer URI used in
the create ...
... authenticated as having operator privileges (whether local or
remote). If the security policy is to allow anyone to cancel
anyone's job, then this value may be used when the job is
canceled by other than the owner of the job. For such a
...
... anyone's job, then this value may be used when the job is
canceled by other than the owner of the job. For such a
security policy, in effect, everyone is an operator as far as
canceling jobs with IPP is concerned.
...
... | printer-uri-supported | 1setOf uri | REQUIRED |
+----------------------------+----------------------+----------------+
| uri-security-supported | 1setOf type2 keyword | REQUIRED |
+----------------------------+----------------------+----------------+
| printer-name | name (127) | REQUIRED |
...
... URI
is implementation dependent and depends on the protocol. See the
next section for a description "uri-security-supported" which is the
REQUIRED companion attribute to this "printer-uri-supported"
attribute. See section 2.4 on Printer object identity ...
... attribute. See section 2.4 on Printer object identity and section
8.2 on security and URIs for more information.
...
... uri-security-supported (1setOf type2 keyword) ...
... This REQUIRED Printer attribute MUST have the same cardinality
(contain the same number of values) as the "printer-uri-supported"
attribute. This attribute identifies the security mechanisms used
for each URI listed in the "printer-uri-supported" attribute. The "i
...
... for each URI listed in the "printer-uri-supported" attribute. The "i
th" value in "uri-security-supported" corresponds to the "i th" value
in "printer-uri-supported" and it describes the security mechanisms
...
... th" value in "uri-security-supported" corresponds to the "i th" value
in "printer-uri-supported" and it describes the security mechanisms
used for accessing the Printer object via that URI. The following
...
... administrator configures the "printer-uri-supported" and "uri-
security-supported" attributes as follows:
"printer-uri-supported": 'http://acme.com/open-use-printer', '
...
... http://acme.com/restricted-use-printer', '
http://acme.com/private-printer'
"uri-security-supported": 'none', 'none', 'ssl3'
In this case, one Printer object has three URIs ...
... - For the first URI, 'http://acme.com/open-use-printer', the value
'none' in "uri-security-supported" indicates that there is no
secure channel protocol configured to run under HTTP ...
... - For the second URI, 'http://acme.com/restricted-use-printer', the
value 'none' in "uri-security-supported" indicates that there is
no secure channel protocol configured to run under HTTP ...
... - For the third URI, 'http://acme.com/private-printer', the value '
ssl3' in "uri-security-supported" indicates that SSL3 is being
used to secure the channel. The client ...
... fact is made explicit by the presence of the 'ssl3' value in
"uri-security-supported". The client does not need to resort to
understanding which security ...
... security-supported". The client does not need to resort to
understanding which security it must use by following naming
conventions or by parsing the URI to determine which security
mechanisms ...
... security it must use by following naming
conventions or by parsing the URI to determine which security
mechanisms are implied.
It is expected that many IPP Printer ...
... Security Conformance Requirements ...
... security considerations and the IPP
application security profile required for SSL3 support, see section
8.
...
... Security Considerations ...
... privacy of messages via multiple encryption
schemes. An important point about security related information for
SSL3 access to an IPP object, is that the security ...
... security related information for
SSL3 access to an IPP object, is that the security-related parameters
(authentication, encryption keys ...
... IPP object that does not support SSL3 MAY elect to support a
transport layer that provides other security mechanisms. For
example, in a mapping of IPP over HTTP/1.1 ...
... RFC2069].
It is difficult to anticipate the security risks that might exist in
any given IPP environment. For example, if IPP ...
... might be in effect. See section 8.3 below for more details.
Since the security levels or the specific threats that any given IPP
system administrator ...
... system administrator may be concerned with cannot be anticipated, IPP
MUST be capable of operating with different security mechanisms and
security policies as required by the individual installation.
...
... MUST be capable of operating with different security mechanisms and
security policies as required by the individual installation.
Security policies might vary from very strong, to very weak, to none
...
... security policies as required by the individual installation.
Security policies might vary from very strong, to very weak, to none
at all, and corresponding security mechanisms will be required. SSL3
...
... Security policies might vary from very strong, to very weak, to none
at all, and corresponding security mechanisms will be required. SSL3
supports the type of negotiated levels of security required by most,
...
... at all, and corresponding security mechanisms will be required. SSL3
supports the type of negotiated levels of security required by most,
if not all, potential IPP environments. IPP ...
... IPP environments. IPP environments that require
no security can elect to deploy IPP objects that do not utilize the
optional SSL3 security mechanisms ...
... security can elect to deploy IPP objects that do not utilize the
optional SSL3 security mechanisms.
...
... Security Scenarios ...
...
The following sections describe specific security attacks for IPP
environments. Where examples are provided they should be considered
...
... the document to the business associate as a facsimile. Printing
sensitive information on a Printer in a different security domain
requires strong security measures ...
... security domain
requires strong security measures. In this environment authentication
of the printer is required as well as protection against ...
... of the printer is required as well as protection against unauthorized
use of print resources. Since the document crosses security domains,
...
... access, or both. The "printer-uri-supported" attribute contains the
Printer object's URI(s). Its companion attribute, "uri-security-
supported", identifies the security mechanism used for each URI ...
... URI(s). Its companion attribute, "uri-security-
supported", identifies the security mechanism used for each URI
listed in the "printer-uri-supported" attribute. For each Printer
operation ...
... objects, and the Printer object will generate the correct URI for new
Job objects depending on the Printer object's security configuration.
...
... IPP operations, a client supplies a list of attributes to be
returned in the response. For security reasons, an IPP object may be
configured not to return all attributes (or all values) that a client
requests ...
... object, could the foreign jobs be queried by an IPP request.
Alternatively, if the security policy is to allow users to query
other users' jobs, then the foreign jobs would also be visible to an
...
... under attack
by a client attempting to exploit security holes present in some IPP
objects using fixed-length buffers ...
... IPP Printer object using one of its URIs. The
"uri-security-supported" attribute identifies the protocol (if any)
used to secure a channel.
...
...
printer-uri-supported RECOMMENDED Section 4.4.1
uri-security-supported RECOMMENDED Section 4.4.2
printer-name RECOMMENDED Section 4.4.3
printer-location RECOMMENDED Section 4.4.4
...