Trusted Computing Group Defines Authorization System for IF-MAP

Date Published: January 01, 2015

The success of TCG’s IF-MAP has brought new challenges. IF-MAP is a protocol for dynamic data interchange among a wide variety of networking and security components. IF-MAP enables users to implement multi-vendor systems that provide coordinated defense-in-depth and enable security automation.

Content aggregated in an IF-MAP deployment has high value, potentially not only to the good guys but also to the bad guys. What if a component connected via IF-MAP becomes compromised? A defense-in-depth strategy must limit the damage an authentic – but compromised – IF-MAP element can do.

To protect the valuable content collected by IF-MAP, there must be a way to authorize classes of IF-MAP clients to access the MAP content according to their roles. The authorization system must be straightforward enough for system administrators to use, yet flexible enough to accommodate the extensibility and free-form nature of the IF-MAP data model.

Now, TCG has developed the TNC MAP Content Authorization specification, applying OASIS eXtensible Access Control Markup Language (XACML), a mature and powerful authorization system. The specification defines an authorization model that restricts the operations each MAP Client can perform on MAP content, that is, the data in a MAP server. Through such authorization, administrators can ensure that clients are barred from unauthorized data access as defined by policy.

Find details in the specification documents at The TCG MAP Content Authorization specification is currently open for public review, and comments on the specification are welcomed at: [email protected].

