The Trusted Computing Group (TCG) has released the “SWID Message and Attributes for IF-M” specification as a final specification. This specification enables communication about the software state of an endpoint as part of a Trusted Network Communications (TNC) health check.
SWID tags are defined by the ISO/IEC 19770-2:2009 specification, published by the International Organization for Standardization (ISO), and provide a standard format for identifying software products such as applications and operating systems. (At the time of publication of SWID Message and Attributes for IF-M, ISO is preparing to release a revised version of the SWID specification. SWID Message and Attributes for IF-M is also usable with this revised SWID specification.)
Because TCG’s Trusted Network Communications (TNC) architecture and IETF’s Network Endpoint Assessment (NEA) architecture are designed to be interoperable, SWID Message and Attributes for IF-M is capable of supporting both TCG and IETF architectures. The SWID Message and Attributes for IF-M specification describes procedures by which an endpoint can publish its collection of SWID tags to a policy server (i.e., a TNC Policy Decision Point or NEA server), thereby giving it information about the software products installed on the endpoint.
The SWID Message and Attributes for IF-M specification defines procedures for collecting both inventories (i.e., a list of SWID tags on the endpoint) and SWID tag events (i.e., how an endpoint’s SWID tag collection has changed since some prior point in time). The former gives a policy server a complete understanding of an endpoint’s SWID tag collection, while the latter allows the server to update a prior understanding of this collection while minimizing the amount of data exchanged.
In addition, SWID Message and Attributes for IF-M supports both pushing and pulling of SWID tag information. Policy servers can directly request information about an endpoint’s SWID tag collection (either inventories or event lists) or the policy server can establish subscriptions on an endpoint. In the latter case, the endpoint monitors its SWID tag collection for changes and pushes information to the policy server upon change detection. The ability to support either method of keeping the policy server informed as to endpoint state allows SWID Message and Attributes for IF-M to support a range of assessment procedures.
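The difference between inventories and events, and between pulled requests and subscriptions, can be modelled in a few lines. This is an added example, not code or message formats from the specification: the class, method and field names, the sequential event ids and the gap check are assumptions of this model, and the tag identifiers are constructed.

```python
from dataclasses import dataclass, field

# Constructed model, not the IF-M wire format; all names are hypothetical.
@dataclass
class Endpoint:
    tags: set = field(default_factory=set)           # current SWID tag collection
    events: list = field(default_factory=list)       # (event_id, action, tag_id)
    subscribers: list = field(default_factory=list)  # callbacks set up by servers

    def _record(self, action, tag_id):
        event = (len(self.events) + 1, action, tag_id)
        self.events.append(event)
        for push in self.subscribers:                # subscription: push on change
            push([event])

    def install(self, tag_id):
        if tag_id not in self.tags:
            self.tags.add(tag_id)
            self._record("added", tag_id)

    def remove(self, tag_id):
        if tag_id in self.tags:
            self.tags.remove(tag_id)
            self._record("removed", tag_id)

    def inventory(self):
        # Full answer: every tag, plus the id of the newest event it reflects.
        return sorted(self.tags), len(self.events)

    def events_since(self, last_id):
        # Incremental answer: only the changes after the server's last known id.
        return [e for e in self.events if e[0] > last_id]

@dataclass
class PolicyServer:
    view: set = field(default_factory=set)           # server's picture of the endpoint
    last_id: int = 0

    def load_inventory(self, tags, last_id):
        self.view, self.last_id = set(tags), last_id

    def apply_events(self, events):
        for event_id, action, tag_id in events:
            if event_id <= self.last_id:
                continue                             # duplicate, already applied
            if event_id != self.last_id + 1:
                return False                         # missed events: re-pull inventory
            (self.view.add if action == "added" else self.view.discard)(tag_id)
            self.last_id = event_id
        return True
```

A server that sees `apply_events` return `False` no longer has a trustworthy view and should request a fresh inventory before making a compliance decision.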
SWID Message and Attributes for IF-M provides standardized procedures for collecting SWID tags, which are seeing growing use by application vendors. The TNC Endpoint Compliance Profile requires the use of SWID Message and Attributes for IF-M to ensure that this important aspect of endpoint state can be collected and used in endpoint compliance testing. In this and in other Trusted Network Communications profiles, the SWID Message and Attributes for IF-M specification will provide useful standardization of important assessment activities.