The success of TCG’s IF-MAP has brought new challenges. IF-MAP is a protocol for dynamic data interchange among a wide variety of networking and security components. IF-MAP enables users to implement multi-vendor systems that provide coordinated defense-in-depth and enable security automation.

Content aggregated in the deployment of IF-MAP has high value, potentially to not only good guys but to the bad guys. What if a component connected via IF-MAP becomes compromised? A defense-in-depth strategy must limit the damage an authentic – but compromised – IF-MAP element can do.

To protect the valuable content collected by IF-MAP, there must be a way to authorize classes of IF-MAP clients to access the MAP content according to their roles. The authorization system must be straightforward enough for system administrators to use, yet flexible enough to accommodate the extensibility and free-form nature of the IF-MAP data model.

Now, TCG has developed the TNC MAP Content Authorization specification, applying OASIS eXtensible Access Control Markup Language (XACML), a mature and powerful authorization system. The specification defines an authorization model that restricts the operations each MAP Client can perform on MAP content, or the data in a MAP server. Through such authorization, administrators can ensure that clients are barred from unauthorized data access as defined by policy.

Find details in the specification documents at https://trustedcomputinggroup.org/resources/tnc_map_content_authorization. The TCG MAP Content Authorization specification is currently open for public review, and comments on the specification are welcomed at: [email protected].