Scope and Field of Application
TLMSP (ETSI TS 103 523-2) is a feature-rich protocol, and it could be unclear to some users how to configure it in different scenarios, i.e. when different application layer protocols are used, and when used for different services. A TR providing guidelines on the following topics is proposed:
1. how to map different parts (such as header fields, sub-parts of payload, etc.) of the application layer protocol onto different TLMSP contexts,
2. how to assign access rights (read/write/delete/insert) to those contexts,
3. recommendations on usage of deletions and insertions by authorized middleboxes,
4. suitable format and content of TLMSP audit containers,
5. how to (in more specific detail)
   a. apply dynamic discovery of middleboxes,
   b. use the TLMSP alternative modes (TLS-fallback and TLMSP-proxying).
In particular, items 2-5 will depend not only on the application protocol, but also on specifics of the service running over that protocol, such as the type/functionality of middleboxes present, security threats, relevant security policies, etc. As the work progresses, other topics could be included, as identified.
Examples of application layer protocols in scope include at least: HTTP, … Examples of services in scope include at least: external access into corporate network, internet access from inside corporate network, data center usage, malware protection,…