Security
service is a service,
provided by a layer of communicating open systems, which ensures adequate
security of the systems or of data transfers as defined by ITU-T
X.800 Recommend
X.800 and ISO
7498-2 (Information processing systems – Open systems interconnection – Basic
Reference Model – Part 2: Security architecture) are technically aligned. This model is
widely recognized
A more general
definition is in CNSS Instruction No. 4009 dated 26 April 2010 by Committee
on National Security Systems of United States of America:
A capability that supports one, or
more, of the security requirements (Confidentiality, Integrity, Availability).
Examples of security services are key management, access control, and
authentication.
Another
authoritative definition is in W3C Web service Glossary adopted by NIST
SP 800-95:
A processing or communication service
that is provided by a system to give a specific kind of protection to
resources, where said resources may reside with said system or reside with
other systems, for example, an authentication service or a PKI-based document
attribution and authentication service. A security service is a superset of AAA
services. Security services typically implement portions of security policies
and are implemented via security mechanisms.
Tidak ada komentar:
Posting Komentar