The Printer Working Group · Working Draft – Imaging System Security Model (IDS-Model) February...

The Printer Working Group

February 2, 2015 Interim

Copyright © 2015 The Printer Working Group. All rights reserved.

1 2 3 4 5 6 7 8

9

Imaging System Security Model 10

(IDS-Model) 11

12

13

Status: Interim 14

15

Abstract: This document defines a model and set of security requirements that are 16 common to and shared between PWG standards and recommendations. 17

This document is a PWG Working Draft. For a definition of a "PWG Working Draft", see: 18 ftp://ftp.pwg.org/pub/pwg/general/pwg-process30.pdf 19

This document is available electronically at: 20 ftp://ftp.pwg.org/pub/pwg/ids/wd/wd-ids-model10-20150202.pdf21

Working Draft – Imaging System Security Model (IDS-Model) February 2, 2015

of 34 Copyright © 2015 The Printer Working Group. All rights reserved.

Copyright © 2015 The Printer Working Group. All rights reserved. 22

This document may be copied and furnished to others, and derivative works that comment 23 on, or otherwise explain it or assist in its implementation may be prepared, copied, 24 published and distributed, in whole or in part, without restriction of any kind, provided that 25 the above copyright notice, this paragraph and the title of the Document as referenced 26 below are included on all such copies and derivative works. However, this document itself 27 may not be modified in any way, such as by removing the copyright notice or references to 28 the IEEE-ISTO and the Printer Working Group, a program of the IEEE-ISTO. 29

Title: Imaging System Security Model (IDS-Model) 30

The IEEE-ISTO and the Printer Working Group DISCLAIM ANY AND ALL WARRANTIES, 31 WHETHER EXPRESS OR IMPLIED INCLUDING (WITHOUT LIMITATION) ANY IMPLIED 32 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 33

The Printer Working Group, a program of the IEEE-ISTO, reserves the right to make 34 changes to the document without further notice. The document may be updated, replaced 35 or made obsolete by other documents at any time. 36

The IEEE-ISTO takes no position regarding the validity or scope of any intellectual 37 property or other rights that might be claimed to pertain to the implementation or use of the 38 technology described in this document or the extent to which any license under such rights 39 might or might not be available; neither does it represent that it has made any effort to 40 identify any such rights. 41

The IEEE-ISTO invites any interested party to bring to its attention any copyrights, patents, 42 or patent applications, or other proprietary rights which may cover technology that may be 43 required to implement the contents of this document. The IEEE-ISTO and its programs 44 shall not be responsible for identifying patents for which a license may be required by a 45 document and/or IEEE-ISTO Industry Group Standard or for conducting inquiries into the 46 legal validity or scope of those patents that are brought to its attention. Inquiries may be 47 submitted to the IEEE-ISTO by e-mail at: [email protected]. 48

The Printer Working Group acknowledges that the IEEE-ISTO (acting itself or through its 49 designees) is, and shall at all times, be the sole entity that may authorize the use of 50 certification marks, trademarks, or other special designations to indicate compliance with 51 these materials. 52

Use of this document is wholly voluntary. The existence of this document does not imply 53 that there are no other ways to produce, test, measure, purchase, market, or provide other 54 goods and services related to its scope. 55 56



About the IEEE-ISTO 57

The IEEE-ISTO is a not-for-profit corporation offering industry groups an innovative and 58 flexible operational forum and support services. The IEEE-ISTO provides a forum not only 59 to develop standards, but also to facilitate activities that support the implementation and 60 acceptance of standards in the marketplace. The organization is affiliated with the IEEE 61 (http://www.ieee.org/) and the IEEE Standards Association (http://standards.ieee.org/). 62

For additional information regarding the IEEE-ISTO and its industry programs visit: 63 http://www.ieee-isto.org 64

About the IEEE-ISTO PWG 65

The Printer Working Group (or PWG) is a Program of the IEEE Industry Standards and 66 Technology Organization (ISTO) with member organizations including printer 67 manufacturers, print server developers, operating system providers, network operating 68 systems providers, network connectivity vendors, and print management application 69 developers. The group is chartered to make printers and the applications and operating 70 systems supporting them work together better. All references to the PWG in this 71 document implicitly mean “The Printer Working Group, a Program of the IEEE ISTO.” In 72 order to meet this objective, the PWG will document the results of their work as open 73 standards that define print related protocols, interfaces, procedures and conventions. 74 Printer manufacturers and vendors of printer related software will benefit from the 75 interoperability provided by voluntary conformance to these standards. 76

In general, a PWG standard is a specification that is stable, well understood, and is 77 technically competent, has multiple, independent and interoperable implementations with 78 substantial operational experience, and enjoys significant public support. 79

For additional information regarding the Printer Working Group visit: 80 http://www.pwg.org 81

Contact information: 82 The Printer Working Group 83 c/o The IEEE Industry Standards and Technology Organization 84 445 Hoes Lane 85 Piscataway, NJ 08854 86 USA 87

88

http://www.ieee.org/

http://standards.ieee.org/)

http://www.ieee-isto.org/



About the Imaging Device Security (IDS) Work Group 89

Description of IDS. 90

For additional information regarding IDS visit: 91 http://www.pwg.org/ids/ 92

Implementers of this specification are encouraged to join the IDS mailing list in order to 93 participate in any discussions of the specification. Suggested additions, changes, or 94 clarification to this specification, should be sent to the IDS Mailing list for consideration. 95

96



Table of Contents 97

1. Introduction ...................................................................................................................... 8 98 2. Terminology ..................................................................................................................... 8 99

2.1 Conformance Terminology ......................................................................................... 8 100 2.2 Other Terminology ...................................................................................................... 8 101 2.3 Acronyms and Organizations ..................................................................................... 9 102

3. Requirements ................................................................................................................. 10 103 3.1 Rationale for Imaging System Security Model .......................................................... 10 104 3.2 Use Cases ................................................................................................................ 10 105

3.2.1 Identify, Authenticate and Authorize a User ....................................................... 10 106 3.2.2 Enforce security requirements ........................................................................... 11 107 3.2.3 Find a secure Imaging System .......................................................................... 11 108 3.2.4 Ensure encrypted data In Transit ....................................................................... 11 109 3.2.5 Control job access at the Imaging Device .......................................................... 11 110 3.2.6 Control secure remote operation........................................................................ 11 111 3.2.7 Audit Document Trail ......................................................................................... 11 112 3.2.8 Imaging Job Confidentiality ................................................................................ 11 113 3.2.9 Tracking Imaging System Usage ....................................................................... 12 114 3.2.10 Imaging System Resource Access Control ...................................................... 12 115

3.3 Out of Scope ............................................................................................................ 12 116 3.4 Design Requirements ............................................................................................... 12 117

4. PWG Security Model ...................................................................................................... 12 118 4.1 Security Functions .................................................................................................... 13 119

4.1.1 Identification ....................................................................................................... 13 120 4.1.2 Authentication .................................................................................................... 13 121 4.1.3 Authorization ...................................................................................................... 13 122

4.2 Security Declaration Models ..................................................................................... 13 123 4.3 Actors ....................................................................................................................... 14 124

4.3.1 Device Actor ...................................................................................................... 14 125 4.3.2 Service Actor ..................................................................................................... 14 126 4.3.3 Client Actor ........................................................................................................ 14 127 4.3.4 User Actor .......................................................................................................... 14 128

4.4 Security Objects ....................................................................................................... 15 129 4.4.1 Device/System ................................................................................................... 15 130 4.4.2 Service ............................................................................................................... 15 131 4.4.3 Job ..................................................................................................................... 15 132 4.4.4 Document .......................................................................................................... 15 133

4.5 Roles and Types ...................................................................................................... 15 134 4.5.1 User Roles ......................................................................................................... 15 135 4.5.2 Client Roles ....................................................................................................... 16 136 4.5.3 Device Roles ...................................................................................................... 16 137 4.5.4 Service Roles ..................................................................................................... 17 138 4.5.5 Device Types ..................................................................................................... 17 139

5. Security Ticket ............................................................................................................... 18 140 5.1 Signature .................................................................................................................. 19 141 5.2 Security Elements .................................................................................................... 19 142



5.2.1 UserSecurity Elements ...................................................................................... 20 143 5.2.2 DeviceSecurity Elements ................................................................................... 21 144 5.2.3 ClientSecurity Elements ..................................................................................... 22 145 5.2.4 ServiceSecurity Elements .................................................................................. 22 146 5.2.5 JobSecurity Elements ........................................................................................ 23 147 5.2.6 DocumentSecurity Elements .............................................................................. 24 148

6. Security Operations ....................................................................................................... 25 149 6.1 GetSecurityElements ................................................................................................ 25 150

6.1.1 GetSecurityElementsRequest ............................................................................ 25 151 6.1.2 GetSecurityElementsResponse ......................................................................... 26 152 6.1.3 GetSecurityElements Operations ....................................................................... 27 153

7. Alerts and Notifications .................................................................................................. 27 154 7.1 Security Alerts .......................................................................................................... 28 155

8. Conformance Requirements .......................................................................................... 28 156 9. Conformance Recommendations ................................................................................... 28 157

9.1 IEEE2600-2008 Conformance .................................................................................. 28 158 9.2 Imaging System health and network access ............................................................ 28 159 9.3 Audit Log Generation and Availability ....................................................................... 29 160

10. Internationalization Considerations .............................................................................. 29 161 11. Security Considerations ............................................................................................... 29 162

11.1 Protection of End User’s Data ................................................................................ 29 163 12. IANA and PWG Considerations ................................................................................... 30 164 13. References ................................................................................................................... 30 165

13.1 Normative References ............................................................................................ 30 166 13.2 Informative References .......................................................................................... 31 167

14. Authors' Addresses ...................................................................................................... 32 168 15. Change History ............................................................................................................ 32 169 170 171

List of Figures 172

Figure 1: Security Ticket .................................................................................................... 18 173 Figure 2: Security Owner ................................................................................................... 19 174 Figure 3: Security Elements ............................................................................................... 20 175 Figure 4: User Security ...................................................................................................... 20 176 Figure 5: Device Security ................................................................................................... 21 177 Figure 6: Client Security ..................................................................................................... 22 178 Figure 7: Service Security .................................................................................................. 23 179 Figure 8: Job Security ........................................................................................................ 23 180 Figure 9: Document Security.............................................................................................. 24 181 Figure 10: GetSecurityElement Request ............................................................................ 25 182 Figure 11: GetSecurityElement Response ......................................................................... 26 183 Figure 12 : GetSecurityElements Sequence Diagram ........................................................ 27 184

185 186

List of Tables 187



Table 1: User Roles ........................................................................................................... 16 188 Table 2 : Client Roles ......................................................................................................... 16 189 Table 3: Device Roles ........................................................................................................ 17 190 Table 4: Service Roles ....................................................................................................... 17 191 Table 5 : Device Types ...................................................................................................... 18 192 Table 7: Security Alert Codes ............................................................................................ 28 193 194

195



1. Introduction 196

This standard defines a model and set of security requirements that are common to and 197 shared between PWG standards and recommendations. 198

2. Terminology 199

2.1 Conformance Terminology 200

Capitalized terms, such as MUST, MUST NOT, RECOMMENDED, REQUIRED, SHOULD, 201 SHOULD NOT, MAY, and OPTIONAL, have special meaning relating to conformance as 202 defined in Key words for use in RFCs to Indicate Requirement Levels [RFC2119]. The 203 term CONDITIONALLY REQUIRED is additionally defined for a conformance requirement 204 that applies to a particular capability or feature. 205

2.2 Other Terminology 206

207

208

Client: An application or software process that communicates with a service on behalf of a 209 User. 210

Correlated Attributes: An ordered set of related attributes that describe an instance of 211 firmware or software. The purpose of these Correlated Attributes is to allow ease-of-212 access and verification for each instance. 213

Delegated Resource: A resource whose Owner has delegated a different actor to manage 214 the resource in the Owner’s place. 215

Directory Service: A directory service is a collection of software and processes that store 216 information about Users, Devices, Services or other resources. 217

Endpoint: An endpoint is the directly addressable location of a device or resource in a 218 communications network. In the PWG Security Model, an endpoint is usually the location 219 of a service providing a resource or function or the location of a physical device. 220 Endpoints are typically specified as a protocol-specific network address, such as an 221 Internet Protocol (IP) address or DNS name, or as a URL of a specific service instance. A 222 device or service may have more than one endpoint. 223

Imaging Operations: A set of service and job operations that can be performed on an 224 Imaging System or service, such as Copy, Scan, Print, Fax, etc. 225



Imaging System: A hardware device or software process, or any combination of such 226 devices or software processes, that processes or produces hardcopy (i.e. paper) or digital 227 documents.Network Accessible Device: A Device that can be directly accessed by a 228 Client. 229

Kerberized Printing: authenticated printing based on SPNEGO-based Kerberos and NTLM 230 HTTP Authentication in Microsoft Windows [RFC4559], Transport Layer Security/1.2 231 [RFC5246], and Upgrading to TLS Within HTTP/1.1 [RFC2817]. 232

Network Accessible/Accessibility: Refers to the ability of one device to communicate 233 directly with another, for example a Client is able to connect to a Device, query for 234 supported attributes, submit Job creation requests, and so forth. 235

Network Visible Entity: A Network-visible Entity (NVE), also known as NVE socket, is the 236 resource that is addressable through a network. Typically, an NVE is a socket client for a 237 service available in a node. [JAVVIN]. 238

Secure Transport: encryption of the HTTP connection using Transport Layer Security 239 [RFC5246]. The security session may be negotiated at the initiation of the connection 240 ("HTTPS") or by Upgrading to TLS Within HTTP/1.1 [RFC2817]. 241

Security Actor: an authenticated actor with rights to modify security policies or perform 242 other security-related operations such as shutting down services 243

Security Domain: A bounded group of security objects and security subjects to which 244 applies a single security policy executed by a single security administrator [ECMATR46] 245

Service: Software providing access to physical, logical, or virtual resources and (typically) 246 processing of queued Jobs. 247

System Account: A special type of account of a computer system used to run system or 248 application processes that require less restricted access than an administrative or root 249 account to system resources and processes. 250

251

2.3 Acronyms and Organizations 252

IANA: Internet Assigned Numbers Authority, http://www.iana.org/ 253

IETF: Internet Engineering Task Force, http://www.ietf.org/ 254

ISO: International Organization for Standardization, http://www.iso.org/ 255

MFD: Multi-Function Device 256

PWG: Printer Working Group, http://www.pwg.org/ 257

http://www.pwg.org/



3. Requirements 258

3.1 Rationale for Imaging System Security Model 259

Given the following existing and developing specifications: 260

PWG 5110.3-2013, "PWG Common Log Format" [PWG5110.3] 261

RFC 2911 "Internet Printing Protocol/1.1: Model and Semantics" [RFC2911] 262

RFC 3995 "Internet Printing Protocol: Event Notifications and Subscriptions" 263 [RFC3995] 264

PWG 5100.12-2011 "IPP/2.0 Second Edition” [PWG5100.12] 265

PWG 5100.14-2013 "IPP Everywhere" [PWG5100.14] 266

IEEE 2600-2008 IEEE Standard for Information Technology: Hardcopy Device and 267 System Security [IEEE2600] 268

PWG Semantic Model [PWG5108.1] 269

PWG Cloud Imaging Requirements and Model [PWG-CLOUD] 270

And given the need for a standard method of defining, describing, and enforcing security 271 for Imaging Systems, the Imaging System Security Model should: 272

1. Provide recommendations for Imaging System Security policies based on 273 accepted security best practices. 274

2. Define new Semantic Model elements to support identification of Users, Clients, 275 Imaging Systems, Imaging Services, Subscriptions, Jobs, and Documents. 276

3. Define new Semantic Model elements to support authentication of Users, 277 Clients, Imaging Systems and Imaging Services. 278

4. Define new Semantic Model elements to support Access Control for Users, 279 Clients, Subscriptions, Imaging Systems, Imaging Services, Jobs, Documents 280 and Delegated Resources. 281

3.2 Use Cases 282

3.2.1 Identify, Authenticate and Authorize a User 283

Mike wants to print a document from his mobile phone to a hotel printer. The hotel 284 provides print service for hotel guest, and needs to ensure that only a guest uses a printer. 285 Mike wants to make sure that he is using an available free hotel printer. 286



3.2.2 Enforce security requirements 287

John is using his laptop computer to print 100,000 copies of his company’s product plan 288 through an Internet printing service. The Internet printing service has a relationship with 289 another printer service that can print the brochures in multiple locations that are close to 290 John’s company’s branch offices. Since these product plans contain proprietary 291 information, John and the print service need to ensure that all systems and companies 292 involved in the process are properly identified and vetted. 293

3.2.3 Find a secure Imaging System 294

Jerry is travelling in a foreign country and needs to securely print a document without fear 295 that a chosen printer may create an illicit copy of the document. He configures his PC to 296 find and use only printers that have been certified by a trusted certification authority to 297 meet a specific level of security. 298

3.2.4 Ensure encrypted data In Transit 299

Jane is travelling to a branch office of her company and wants to use a public printing 300 service to securely print a sensitive document on a company printer at her destination so 301 the document is available when she arrives. 302

3.2.5 Control job access at the Imaging Device 303

After Jane remotely sent her encrypted print job to a branch office printer, she wants to 304 make sure that no one can pick up her jobs before her. She needs the print service or 305 printer to hold the print job until she enters a release code to begin printing. 306

3.2.6 Control secure remote operation 307

Tom is working from home but needs some office documents scanned and sent to his 308 home PC. While his administrative assistant can load the necessary documents into the 309 scanner, the company needs to limit where and to whom the scanned documents can be 310 sent. . 311

3.2.7 Audit Document Trail 312

A corporation suspects that confidential non-public data has been compromised by printing 313 a document that contains the information. The investigating forensics team wants to audit 314 the document trail from the host location to all instances of it being printed, and identify 315 trace all access to the data stream, or the printed document. The forensic team also wants 316 to know the times and locations that each person had access to the data. 317

3.2.8 Imaging Job Confidentiality 318

Bob would like to be able to generate an imaging job on one Imaging System but have it 319 rendered on a different Imaging System. Both devices are connected via a network. The 320 contents of the imaging job are confidential and should not be disclosed to unauthorized 321



parties capable of intercepting (either actively or passively) the job in transit between the 322 devices. 323

3.2.9 Tracking Imaging System Usage 324

Bob would like to utilize an Imaging System that is administratively controlled by Alice. 325 Alice would like to unambiguously identify "who" is using the Imaging System, based on 326 identity credentials that have been previously issued to Bob. 327

3.2.10 Imaging System Resource Access Control 328

Bob would like to utilize an Imaging System administratively controlled by Alice. The 329 Imaging System is capable of multiple functions and consumes resources that Alice deems 330 valuable. Alice would like to control which functions and consumables of the device Bob is 331 capable of using, 332

3.3 Out of Scope 333

The following are considered out of scope for this specification: 334

1. Definition of new security encryption protocols 335 2. Definition of new authentication methods 336 3. Definition of new security policy definition languages and formats 337 4. Authentication of Network Connected devices 338

3.4 Design Requirements 339

The design for the Imaging System Security Model should: 340

1. Define new Semantic Model elements and values to support identification of 341 Users, Client Devices, Imaging Systems, Services, Jobs, and Documents. 342

2. Define new Semantic Model elements and values to support delegated resource 343 access. 344

3. Provide recommendations for Imaging System Security policies based on 345 accepted security best practices. 346

4. Define methods for authentication, authorization, and access control using 347 existing protocols and schema. 348

5. Provide the ability for vendors to add extensions to the Semantic Model 349 Elements. 350

4. PWG Security Model 351

The PWG Security Model is based on the idea of defining and attaching a set of security 352 attributes to the operations and data defined by other PWG specifications, such as imaging 353 service, imaging operations, job tickets and documents. These security attributes provide 354



the information necessary to perform the basic security functions defined by the model: 355 Identification, Authentication and Authorization. 356

The PWG Security Model can apply security requirements and credentials to different type 357 of entities. This specification describes two types of security entities, the Actor, and a 358 Security Object. 359

4.1 Security Functions 360

The IDS Model defines core security attributes and values for the identification, 361 Authentication and Authorization of Imaging Systems. The security attributes and values 362 can be applied to one or more Actors and are carried in a PWG Security Ticket. 363

4.1.1 Identification 364

Depending on the local site policy, authentication typically involves the identification of an 365 Actor based on three factors: “what you know” such as a username and password; “what 366 you have” such as presenting an ID card, a digital certificate, or entering a SecurID code; 367 or “who you are” information such as fingerprint, palm print, Iris scan, facial scan, etc. 368

4.1.2 Authentication 369

The identity of a Actor can easily be stolen or copied and should not be trusted without 370 being authenticated. The Authentication of a Actor requires that the Identity information 371 provided for an Actor, be combined with additional information, such as a password, PIN 372 code or biometric information. The combination of this information can then be validated 373 by a known and trusted authentication service or database. 374

4.1.3 Authorization 375

Depending on the local site access policy, the access rights for an authenticated Actor 376 may be restricted in what operations may be performed and what resources may be 377 accessed. By defining the rights and permissions that belong to specific Actors, resources 378 and operations, a site can control access to resources and capabilities. Authorization of 379 an Actor for access to a resource or operation is then accomplished by validating the 380 policy rights and restrictions for an Actor against the access policy for a resource or 381 operation. This validation is performed by an Authorization Service or through a data 382 store. 383

4.2 Security Declaration Models 384

In order to provide clear, independent and transportable definitions for common PWG 385 security requirements, a standard language must be used to express security 386 requirements. While several standards for expressing security information exist, PWG 387 security specifications will use the Extensible Access Control Markup Language (XACML) 388



for describing Access Control and Authorization information. XACML is standard XML 389 Schema that represents authorization and access policies [OASIS-XACML]. 390

4.3 Actors 391

An actor is an entity (i.e. a person or a software process) that attempts or requests to 392 perform an action on some security object. 393

4.3.1 Device Actor 394

An Imaging Device is a physical hardware entity, such as a smart phone, tablet, computer, 395 or Imaging System. Devices may perform actions as requesting access and authentication 396 to a network. Such actions can be an allowed or disallowed within a Security Domain 397 based on parameters provide by the device such as OS version, Device and System 398 Health, and supported communication protocols and encryption levels, or the physical 399 location of the device (GeoLocation), and thus the location of User or Services available on 400 that device. 401

4.3.2 Service Actor 402

A Service is “a mechanism to enable access to one or more capabilities, where the access 403 is provided using a prescribed interface and is exercised consistent with constraints and 404 policies as specified by the service description.” [OASIS-SOA] 405

It may be a separate application executed by a user, or a process executing as part of a 406 device operating system. In the context of this document, the Service is a visible entity 407 that a User or another Service connects to in order to perform a function. 408

4.3.3 Client Actor 409

A Client is a software process that communicates with a service. A client may be an 410 autonomous process or interact based on input from a User. 411

4.3.4 User Actor 412

An individual User of a device or service, usually a human, but could be a System 413 Account. The Security attributes of a User are global to a particular Security Domain, but 414 may be overridden by the attributes of the device currently being used by the User; i.e. 415 while a User may be authorized to use a particular service, if they are accessing the 416 service from a controlled location, as determined by the device being used, access may be 417 denied. 418



4.4 Security Objects 419

A Security Object is an entity upon which some action or operation can be performed. The 420 scope or allowable effect of the action may be limited or modified by a set of attributes 421 applied to the object and action. 422

4.4.1 Device/System 423

In the PWG security model, a Device or System may also be an object to which an action 424 can be directed. 425

4.4.2 Service 426

Similar to a device, a Service may also be viewed as an object that can be acted upon. 427

4.4.3 Job 428

Since many PWG specifications are concerned with the creation and processing of jobs, 429 the PWG Security Model allows for the application of security attributes to a specific job. 430

4.4.4 Document 431

Similar to jobs, the PWG Security Model provides for the application of security attributes 432 to a specific document. 433

4.5 Roles and Types 434

To assist in the definition and organization of allowed operations and capabilities, each 435 User, Device and Service may be assigned to one or more specific roles used assign and 436 categorize the capabilities and operation allowed. For this purpose, the following standard 437 role definitions are provided. A specific implementation may add additional roles as 438 desired. 439

4.5.1 User Roles 440

Role Description

Administrator A User who is authorized to manage all aspect of a Device or Service. .

FieldTechnician A Field Technician is allowed to install physical devices and accessories. The Field Technician is also allowed to perform the installation and setup of imaging services.

GroupMember A Group Member is allowed to access any operation and resources allowed for the assigned group

Guest A User who has limited and temporary access to basic imaging functions such as print, fax or scan.

LocalUser A User who is interacting with an Imaging System or Imaging Service from within physical proximity to the



Device or Service) NetworkAdministrator A User who is authorized to manage network

configuration and access parameters of the Imaging System or Imaging Services.

Operator A User that has special rights on the Imaging System. The Operator typically oversees the Imaging System. The Operator is allowed to query and control the Imaging System, Jobs and Documents based on site policy.

Owner The User who owns a particular object (usually the creator) such as a Job, an Imaging System or Imaging Service, or an Imaging Service registration.

ReadOnlyUser This is a role that allows a User to only perform query and read operations on the managed elements.

RemoteUser A User who is interacting with an Imaging System or Service from a remote location (i.e. a location not within physical proximity to an Imaging System)

SecurityAdministrator A User who is authorized to manage security aspects of the Imaging System and Imaging Services, such as defining access by User roles, installing security certificates, etc.

ServiceTechnician A person responsible for repairing a malfunctioning Imaging System, performing routine preventive maintenance, and other tasks that typically require advanced training on the device internals [RFC3805]

NormalUser A User who is authorized to perform basic imaging functions such as print, fax or scan.

Proxy A Client or process that is acting as an intermediary on behalf of a User or Imaging Service.

Table 1: User Roles 441

4.5.2 Client Roles 442

Role Description

User A client representing a User Proxy A process that is acting as an intermediary on behalf of

another Client or Service Vendor A custom role defined by the system vendor.

Table 2 : Client Roles 443

4.5.3 Device Roles 444

Role Description

Client A device directly used by a User (i.e. tablet) Server Service provider



Table 3: Device Roles 445

4.5.4 Service Roles 446

Role Description

Client A Client of the Service Server A Service provider Identification Service A Service that provides identification information for an

Actor, such as a Smart Card processing service. Key Distribution Service

A Service that supplies session tickets and temporary session keys, such as those used in the Kerberos authentication protocol.

Authentication Service An Authentication Provider (e.g. a key generator or 2-factor device or service); A Service that can perform authentication of Actors and Objects based on provide security attributes

Authorization Service A Service that provides access control decisions Directory Service A Service that provides access to directory information,

such as user names and accounts Copy Service An Imaging Service that provides hardcopy duplication of

hardcopy documents Print Service An Imaging Service that provides for hardcopy printed

output of digital information. Scan Service An Imaging Service that provides digital representation of

a hardcopy documents FaxOut Service An Imaging Service that sends outbound Facsimile jobs FaxIn Service An Imaging Service that receives inbound Facsimile jobs Transform Service An Imaging Service that transforms digital input into

another form of digital output System Control Service

A service that provides control over other Imaging Services, such as scan and print, within a system

Table 4: Service Roles 447

4.5.5 Device Types 448

The PWG Security Model distinguishes between different types of computing devices. 449

450 Type Description

Computer A stationary general purpose computing device such as a desktop PC.

Mobile Device A processing device that is primarily designed to be carried by a user, such as a laptop, smart phone or tablet computer.

Server A computing device that provides one or more services



for consumption by another Computer or User. Embedded Device A system that has dedicated purpose software

embedded in computer hardware. Embedded Devices often have constrained capabilities which lead to hard limits on process states and data access.

Imaging System A device specifically designed to process imaging jobs, such as a printer, scanner, or MFD.

Table 5 : Device Types 451

5. Security Ticket 452

The PWG Security Ticket is a container that can be used to attach selected Security 453 Attributes to various PWG operations and work objects, such as Jobs and Documents. 454 The PWG Security Ticket provides several collections of security information, organized 455 into three collections, each collection describing the security parameters for each actor 456 involved in a session or transaction. This specification provides an overview of the PWG 457 Security Ticket. More detail information about specific security attributes can be found in 458 the “Imaging System Security Identification, Authentication and Authorization” specification 459 [IDS-IAA]. 460

In this specification, the PWG Security Ticket is expressed using an abstract model based 461 on XML Schema and SOAP. Other Protocol Bindings for the PWG Security Ticket are not 462 defined by this document. 463

464

465

Figure 1: Security Ticket 466



5.1 Signature 467

The Signature element provides validation that the Security Ticket has not been 468 compromised. It is an XML signature element as specified in XML signature Syntax and 469 Processing [RFC3275]. Security Owner 470

471

Figure 2: Security Owner 472

The SecurityOwner element contains Security Identification element for the entity that 473 created the security ticket. The SecurityOwner may consist of multiple Actors in tandem, 474 and thus may be identified by multiple sets of Actor attributes: 475

User Information about the actual User, such as username, etc. 476

Device Information about the device currently being used for access 477

Client Information about any separate client process, application or tool that the 478 User is using 479

Service Information about any Service being used. 480

Detailed information about each of these Security Identification elements can be found in 481 IDS Identification, Authentication and Authorization specification [IDS-IAA]. 482

5.2 Security Elements 483

The document defines a set of common security elements that are used in different 484 contexts. These elements are organized into sets based on Actors. 485



486

Figure 3: Security Elements 487

5.2.1 UserSecurity Elements 488

The UserSecurity element describes the security parameters for a specified User. 489

490

Figure 4: User Security 491 UserSecurity includes elements to provide information for the Identification, Authentication 492 and Authorization (Access Rights) of the User. 493

5.2.1.1 UserIdentification 494

The UserIdentification element is a container for values and attribute that can be used to 495 identify the User. Examples include a User’s name, an account name, a User ID, an email 496 address, etc. 497



5.2.1.2 UserAuthentication 498

The UserAuthentication element contains information that can be combined with 499 corresponding UserIdentification information to prove that the User is who they say they 500 are, such as a password. 501

5.2.1.3 UserAuthorization 502

The UserAuthorization element is a container for values and attributes that may be used 503 for authorization decisions, such as the location of the User. 504 505

5.2.2 DeviceSecurity Elements 506

The DeviceSecurity element provides the security attributes for a particular Device Actor or 507 Object. 508

509

Figure 5: Device Security 510 DeviceSecurity includes elements to provide information for the Identification, 511 Authentication and Authorization (Access Rights) of the Device. 512

5.2.2.1 DeviceIdentification 513

The DeviceIdentification element is a container for values and attribute that can be used to 514 identify the Device. Examples include the DNS name of a device, the MAC or IPAddress, 515 or a UUID value assigned to the Device. 516

5.2.2.2 DeviceAuthentication 517

The DeviceAuthentication element contains information that can be combined with 518 corresponding DeviceIdentification information to confirm the identity of the Device. 519

5.2.2.3 DeviceAuthorization 520

The DeviceAuthorization element is a container for values and attributes that may be used 521 for authorization decisions, such as the type or location of a Device. 522



5.2.3 ClientSecurity Elements 523

A ClientSecurity element provides the security attributes for a particular Client. 524

525

Figure 6: Client Security 526 ClientSecurity includes elements to provide information for the Identification, 527 Authentication and Authorization (Access Rights) of the Client. 528

5.2.3.1 ClientIdentification 529

The ClientIdentification element is a container for values and attribute that can be used to 530 identify the Client, such as a UUID value assigned to the Client. 531

5.2.3.2 ClientAuthentication 532

The ClientAuthentication element contains information that can be combined with 533 corresponding ClientIdentification information to validate the Client. 534

5.2.3.3 ClientAuthorization 535

The ClientAuthorization element is a container for values and attributes that may be used 536 for authorization decisions, such as the type or location of Client. 537 538

5.2.4 ServiceSecurity Elements 539

A ServiceSecurity element provides the security attributes for a particular service actor or 540 object. This Service may be a logical entity on a device such as a Print Service on an 541 MFD, or may be a remote Service such as a Web Service. 542

543



544

Figure 7: Service Security 545 ServiceSecurity includes elements to provide information for the Identification, 546 Authentication and Authorization (Access Rights) of the Service. 547

5.2.4.1 ServiceIdentification 548

The ServiceIdentification element is a container for values and attribute that can be used 549 to identify the Service, such as a UUID value assigned to the Service. 550

5.2.4.2 ServiceAuthentication 551

The ServiceAuthentication element contains information that can be combined with 552 corresponding ServiceIdentification information to validate the Service. 553

5.2.4.3 ServiceAuthorization 554

The ServiceAuthorization element is a container for values and attributes that may be used 555 for authorization decisions, such as the type or location of Service. 556 557

5.2.5 JobSecurity Elements 558

The JobSecurity element contains the authentication attributes that control access to the 559 Job information. 560

561

Figure 8: Job Security 562



JobSecurity includes elements to provide information for the Authentication and 563 Authorization (Access Rights) of the Job. 564

5.2.5.1 JobAuthentication 565

The JobAuthentication element contains information to validate the Job, such as a 566 certificate to verify that the Job was created by a trusted User or Client. 567

5.2.5.2 JobAuthorization 568

The JobAuthorization element is a container for values and attributes that may be used for 569 authorization decisions, such as the type of Imaging Services allowed to process a job. 570 571

5.2.6 DocumentSecurity Elements 572

The DocumentSecurity element contains the authentication and rights attributes that 573 control access to document content, including encryption access information. 574

575

576

Figure 9: Document Security 577 DocumentSecurity includes elements to provide information for the Authentication and 578 Authorization (Access Rights) of the document. 579 580

5.2.6.1 Document Authentication 581

The DocumentAuthentication element contains the authentication information necessary 582 for enable access to the document content. This information may range from a simple 583 document password to a document decryption token or key. It may also contain 584 information to verify that the Document was provide by a trusted User, Client or Imaging 585 Service. 586

5.2.6.2 Document Rights 587

The DocumentRights element contains the access and usage rights for the user, device or 588 service for a document provided in a document operation such as the UserGroups allowed 589 to print a document 590



6. Security Operations 591

To facilitate the creation and population of Security Elements and values in a PWG 592 Security Ticket, it is necessary to be able to determine which Elements and attributes are 593 supported by a particular Actor. The PWG IDS Security Model defines a small set of 594 System level operations to access IDS Security Elements. 595

Question: Do we want to limit these operations to just the System/System Control Service 596 or allow them to be addressed to each system service in order to ServiceSecurity 597 Elements for each system service? Alternatively, we could define SystemSecurity 598 Elements to only be applicable to external services, such as file storage, etc. 599

6.1 GetSecurityElements 600

The GetSecurityElements operation allows a client to obtain a list of available security 601 elements for a specified Actor. GetSecurityElements is a transactional operation and 602 consists of a transaction request and a corresponding transaction response. 603

The response will contain the current security elements for the requested security identifies 604 and types. 605

6.1.1 GetSecurityElementsRequest 606

607

Figure 10: GetSecurityElement Request 608 609 The GetSecurityElementsRequest is issued by an Actor to obtain the security element 610 values supported by another Actor. 611

6.1.1.1 ElementsNaturalLanguageRequested 612

Specifies the language, where appropriate, that the response values should be provide in 613

6.1.1.2 RequestingSecurityOwner 614

This element contains the Identification information for the Actor making the request. 615



6.1.1.3 RequestingSecurityOwnerAuthentication 616

This element contains the corresponding authentication information for the Actor making 617 the request. 618

6.1.1.4 RequestedSecurityElements 619

Providing a RequestedSecurityElements element allows a requesting Actor to specify 620 which SecurityElements (i.e. UserAuthentication, DeviceSecurity, etc.) it wishes to receive 621 information about 622

The request MUST provide at least one SecurityElement containing a valid security 623 identification element, such as UserIdentification, DeviceIdentification or 624 ServiceIdentification, in order to specify the Actor from which additional security 625 information is being requested. 626 Additional SecurityElements, such as UserAuthentication or UserAuthorization, can be 627 provided in the request to specifiy which information about the Actor is being requested. If 628 no additional Security Elements are provided, that the responding Actor will provide all 629 information on all applicable SecurityElements. The security elements that can be 630 requested vary depending on the Actor to which the request is directed. 631

6.1.1.4.1 UserSecurity 632

6.1.1.4.2 DeviceSecurity 633

6.1.1.4.3 ClientSecurity 634

6.1.1.4.4 ServiceSecurity 635

6.1.1.4.5 JobSecurity 636

6.1.1.4.6 DocumentSecurity 637

638

6.1.2 GetSecurityElementsResponse 639

A GetSecurityElementsResponse is issued by an Actor in response to a 640 GetSecurityElementRequest from another Actor. 641

642

Figure 11: GetSecurityElement Response 643



6.1.2.1 ElementsNaturalLanguage 644

Identifies the language, where appropriate, that the response values are provide in 645

6.1.2.2 SecurityElements 646

This element contains the security elements and values that are returned by the response. 647 The contents are dependent on which elements are requested, and the Actor to which the 648 requested was directed. 649

6.1.2.2.1 UserSecurity 650

6.1.2.2.2 DeviceSecurity 651

6.1.2.2.3 ClientSecurity 652

6.1.2.2.4 ServiceSecurity 653

6.1.2.2.5 JobSecurity 654

6.1.2.2.6 DocumentSecurity 655

6.1.3 GetSecurityElements Operations 656

657

Figure 12 : GetSecurityElements Sequence Diagram 658

7. Alerts and Notifications 659

In order to keep administrators and security monitoring tools informed, an Imaging System 660 or service MUST be able to provide security and status alerts. In addition to the alerts and 661 messages defined in PWG 5107.3-2012: Printer MIB and IPP MFD Alerts [PWG5107.3] 662

http://ftp.pwg.org/pub/pwg/candidates/cs-pmpmfdalerts10-20120629-5107.3.pdf



and PWG 5110.3-2013 - PWG Common Log Format [PWG5110.3], Imaging System 663 SHOULD support the alerts listed in the following sections. 664

7.1 Security Alerts 665

NOTE: Need to get final values and send registration to IANA 666 Security Alert PrtAlertCodeTC

Value

securityUserIdentificationError 550 securityUserAuthenticationError 551 securityUserAuthorizationError 552 securityDeviceIdentificationError 560 securityDeviceAuthenticationError 561 securityDeviceAuthorizationError 562 securityServiceIdentificationError 570 securityServiceAuthenticationError 571 securityServiceAuthorizationError 572 securityUnknownEntity 580 securityInvalidAuthenticationService 581 securityInvalidAuthorizationService 582

Table 6: Security Alert Codes 667

8. Conformance Requirements 668

Any binding must conform to the PWG Security Schema and must meet the design 669 requirements outlined in 3.4. 670

9. Conformance Recommendations 671

9.1 IEEE2600-2008 Conformance 672

The IEEE2600-2008 standard [IEEE2600] defines security requirements for 673 manufacturers, users, and others in the selection, installation, configuration, and usage of 674 hardcopy devices including Imaging Systems. Imaging Systems SHOULD support the 675 IEEE 2600-2008 standard. 676

9.2 Imaging System health and network access 677

In order to support health assurance on such controlled networks, Imaging Systems 678 SHOULD support the Imaging System Security Health Attributes [PWG5110.1] and 679 corresponding Network Access Control protocol bindings such as Network Access 680 Protocol (NAP) [PWG5110.2] and Trusted Network Connection (TNC) [IDS-TNC]. 681



9.3 Audit Log Generation and Availability 682

Generating audit log records and making them available for review and analysis by 683 Administrators or Auditors are the most basic common security requirements for all 684 Imaging System operational environments. To support the auditing of imaging operations, 685 Imaging Systems SHOULD support the logging requirements as described in PWG 686 Common Log Format [PWG5110.3]. 687

10. Internationalization Considerations 688

For interoperability and basic support for multiple languages, conforming implementations 689 MUST support the Universal Character Set (UCS) Transformation Format -- 8 bit (UTF-8) 690 [RFC3629] encoding of Unicode [UNICODE] [ISO10646] and the Unicode Format for 691 Network Interchange [RFC5198]. 692

11. Security Considerations 693

Although security considerations specific to each Imaging Service may be discussed in the 694 specification for the Service Model, the following considerations are generally applicable. 695

11.1 Protection of End User’s Data 696

An Imaging System receives, creates, and processes a User’s Job and Document 697 according to the User’s intent configured in their Job and Document tickets. The Job and 698 Document and their associated ticket information may contain sensitive data such as a 699 Document that is classified as top secret, and where the Job and Document is to be routed 700 or stored after completion according to a local security policy. In addition to routing a 701 completed User’s Job and Document over the network, User’s sensitive Job and 702 Document data may be received over the network from a remote PC or client station. In 703 order to protect User’s data stored in an Imaging System or in-transit against disclosure or 704 modification, security measures can be implemented by an Imaging System according to a 705 local site’s security policy. 706

Additionally, an Imaging System SHOULD provide: 707

Access Control for on-device Data storage: Any user data stored by the Imaging 708 System, on internal storage or external storage controlled by the Imaging System, 709 can be protected by a minimum of User-level access control. 710

Protection of data at rest: Any user data stored by the Imaging System, on internal 711 storage or external storage controlled by a Imaging System, can be encrypted while 712 stored. 713



Protection of data in transit: Provide confidentiality of data in transit using an 714 protected end-to-end data path, such as provided by TLS encryption [RFC5246] or 715 by encrypting the data prior to transport. 716

Protection of data in use. Decrypted data that is stored in memory but not being 717 actively used is protected. 718

12. IANA and PWG Considerations 719

This specification is consistent with the PWG Semantic Model Version 3.0 XML Schema 720 [PWG-SCHEMA] 721

Printer MIB alert coded and corresponding state reason in IPP – see 5107.3 for examples 722

13. References 723

13.1 Normative References 724

[RFC2119] S. Bradner, "Key words for use in RFCs to Indicate Requirement 725 Levels", RFC 2119/BCP 14, March 1997, 726 http://www.ietf.org/rfc/rfc2119.txt 727

[RFC2911] T. Hastings, R. Herriot, R. deBry, S. Isaacson, P. Powell, "Internet 728 Printing Protocol/1.1: Model and Semantics", RFC 2911, September 729 2000, http://www.ietf.org/rfc/rfc2911.txt 730

[RFC3995] T. Hastings, R. Herriot, "Internet Printing Protocol: Event Notifications 731 and Subscriptions ", RFC 3995, March 2005, 732 http://www.ietf.org/rfc/rfc3995.txt 733

[RFC3805] R. Bergman, H. Lewis, I, McDonald "Printer MIB v2", RFC 3805, 734 March 1997, http://www.ietf.org/rfc/rfc3805.txt 735

[RFC5246] T.Dierks, E. Rescorla, "Transport Layer Security 1.2", RFC 5246, 736 August 2008, http://www.ietf.org/rfc/rfc5246.txt 737

[PWG5100.12] R. Bergman, H. Lewis, I. McDonald, M. Sweet, "IPP/2.0 Second 738 Edition", PWG 5100.12-2011, February 2011, 739 ftp://www.pwg.org/pub/pwg/candidates/cs-ipp20-20110214-740 5100.12.pdf 741

[PWG5100.14] M. Sweet, I. McDonald, "IPP Everywhere", PWG 5100.14-2013, 742 January 2013, ftp://ftp.pwg.org/pub/pwg/candidates/cs-ippeve10-743 20130128-5100.14.pdf 744

http://www.ietf.org/rfc/rfc2119.txt





ftp://www.pwg.org/pub/pwg/candidates/cs-ipp20-20110214-5100.12.pdf

ftp://www.pwg.org/pub/pwg/candidates/cs-ipp20-20110214-5100.12.pdf

ftp://ftp.pwg.org/pub/pwg/candidates/cs-ippeve10-20130128-5100.14.pdf

ftp://ftp.pwg.org/pub/pwg/candidates/cs-ippeve10-20130128-5100.14.pdf



[PWG5108.1] W. Wagner, P. Zehler, "MFD Model and Common Semantics", 745 PWG1304 5108.1-2011, April 2011, 746 ftp://ftp.pwg.org/pub/pwg/candidates/cs-sm20-mfdmodel10-20110415-747 5108.1.pdf 748

[PWG-CLOUD] W. Wagner, "PWG Cloud Imaging Requirements and Model ", April 749 2014, http://ftp.pwg.org/pub/pwg/cloud/wd/wd-cloudimagingmodel10-750 20140418.pdf 751

[PWG5110.1] J. Murdock, J. Thrasher, PWG 5110.3-2013, "PWG Hardcopy Device 752 Health Assessment Attributes", May, 2014, 753 ftp://ftp.pwg.org/pub/pwg/candidates/cs-idsattributes11-20140529-754 5110.1.pdf 755

[PWG5110.2] B. Smithson, J. Murdock, R. Bergman, J. Thrasher, PWG 5110.3-756 2013, "PWG Hardcopy Device Health Assessment Network Access 757 Protection Protocol Binding", April 2013, 758 ftp://ftp.pwg.org/pub/pwg/candidates/cs-ids-napsoh10-20130401-759 5110.2.pdf 760

[PWG5110.3] M. Sweet, PWG 5110.3-2013, "PWG Common Log Format", April 761 2013, ftp://ftp.pwg.org/pub/pwg/candidates/cs-ids-log10-20130401-762 5110.3.pdf 763

[IDS-IAA] J. Murdock, “IDS Identification, Authentication and Authorization 764 specification”, August 2014, 765 ftp://ftp.pwg.org/home/pwg/pub/pwg/ids/wd/wd-ids-iaa10-current.pdf 766

[PWG-SCHEMA] D. Manchala, “PWG Semantic Model V3.0 Schema”, 767 http://ftp.pwg.org/pub/pwg/sm3/schemas/PWG_SM_3.0_v2.904.zip 768

769

13.2 Informative References 770

[RFC4559] K. Jaganathan, L. Zhu, J. Brezak, "SPNEGO-based Kerberos and 771 NTLM HTTP Authentication in Microsoft Windows", RFC 4559, June 772 2006, http://www.ietf.org/rfc/rfc4559.txt 773

[OASIS-SOA] OASIS Standard, “OASIS Reference Model for Service Oriented 774 Architecture 1.0”, Oct. 12, 2006, http://docs.oasis-open.org/soa-775 rm/v1.0/soa-rm.pdf 776

[OASIS-XACML] eXtensible Access Control Markup Language (XACML) Version 3.0, 777 January 2013, http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-778 spec-os-en.pdf 779

ftp://ftp.pwg.org/pub/pwg/candidates/cs-sm20-mfdmodel10-20110415-5108.1.pdf

ftp://ftp.pwg.org/pub/pwg/candidates/cs-sm20-mfdmodel10-20110415-5108.1.pdf

http://ftp.pwg.org/pub/pwg/cloud/wd/wd-cloudimagingmodel10-20140418.pdf

http://ftp.pwg.org/pub/pwg/cloud/wd/wd-cloudimagingmodel10-20140418.pdf

ftp://ftp.pwg.org/pub/pwg/candidates/cs-idsattributes11-20140529-5110.1.pdf

ftp://ftp.pwg.org/pub/pwg/candidates/cs-idsattributes11-20140529-5110.1.pdf

ftp://ftp.pwg.org/pub/pwg/candidates/cs-ids-napsoh10-20130401-5110.2.pdf

ftp://ftp.pwg.org/pub/pwg/candidates/cs-ids-napsoh10-20130401-5110.2.pdf

ftp://ftp.pwg.org/pub/pwg/candidates/cs-ids-log10-20130401-5110.3.pdf

ftp://ftp.pwg.org/pub/pwg/candidates/cs-ids-log10-20130401-5110.3.pdf

ftp://ftp.pwg.org/home/pwg/pub/pwg/ids/wd/wd-ids-iaa10-current.pdf

http://ftp.pwg.org/pub/pwg/sm3/schemas/PWG_SM_3.0_v2.904.zip


http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=soa-rm

http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=soa-rm

http://docs.oasis-open.org/soa-rm/v1.0/soa-rm.pdf

http://docs.oasis-open.org/soa-rm/v1.0/soa-rm.pdf



[JAVVIN] Dong, Jielin, “Network Dictionary”, ISBN: 978-1-60267-000-6, March, 780 2007, http://www.javvin.com/networkdictionary.html 781

[ECMATR46] ECMA TR/46, “Security in Open Systems – A Security Framework”, 782 July 1988, http://www.ecma-international.org/publications/files/ECMA-783 TR/TR-046.pdf 784

[PWG5107.3] PWG 5107.3-2012, "Printer MIB and IPP MFD Alerts", June 2012, 785 ftp://ftp.pwg.org/pub/pwg/candidates/cs-pmpmfdalerts10-20120629-786 5107.3.pdf 787

[IEEE2600] IEEE 2600-2008 IEEE Standard for Information Technology: 788 Hardcopy Device and System Security 789

[RFC3275] D. Eastlake, J.Reagle, D. Solo, “XML-Signature Syntax and 790 Processing”, RFC3275, March 2002, http://www.ietf.org/rfc/rfc3275.txt 791

14. Authors' Addresses 792

Primary authors (using Address style): 793 Joe Murdock 794 Sharp Labs of America 795 5750 NW Pacific Rim Blvd 796 Camas, WA 98607 797 [email protected] 798

The authors would also like to thank the following individuals for their contributions to this 799 standard: 800

Nancy Chen - Okidata 801 Michael Sweet - Apple 802 Ira McDonald - High North 803 Bill Wagner - TIC 804

15. Change History 805

April 2, 2011 806

Initial revision. 807

May 24, 2011 808

Added Roles, Alerts. 809

Added security considerations, etc. 810

October 5, 2011 811

http://www.javvin.com/networkdictionary.html

http://www.ecma-international.org/publications/files/ECMA-TR/TR-046.pdf

http://www.ecma-international.org/publications/files/ECMA-TR/TR-046.pdf

ftp://ftp.pwg.org/pub/pwg/candidates/cs-pmpmfdalerts10-20120629-5107.3.pdf

ftp://ftp.pwg.org/pub/pwg/candidates/cs-pmpmfdalerts10-20120629-5107.3.pdf



Include Security Alerts from MFD Alerts 812

April 25, 2012 813

Updated Use Cases 814

Reformatted Roles and Alerts tables 815

June 5, 2012 816

Updated User Roles 817

August 3, 2012 818

Editorial Updates 819

Updated missing entries from change history 820

Add terminology and section on visibility 821

Removed Web Services Binding section 822

October 20, 2013 823

Rewrote section on visibility 824

Added proposed values for organization, device and service role definitions 825

February 5, 2014 826

Converted to new PWG template 827

February 28, 2014 828

Simplified document objective and moved IAA details to IAA document 829

April 10, 2014 830

Made changes requested from last review. Cleaned up and reorganized. 831

May 10, 2014 832

Made changes requested from last review. Added Client actor. Added Device as an 833 object. Added new Types section. Updated all schema diagrams to match latest schema 834 changes. Removed old Security Consideration section and moved parts into Conformance 835 Requirements. Added missing Normative references. Added JobSecurity element 836

July 10, 2014 837



Made changes requested from last review. Updated schema diagrams to match latest 838 schema changes. Change SecurityId to SecurityOwner in the SecurtyTicket 839

July 28, 2014 840

Made changes requested from conference call review. 841

August 04, 2014 842

Made changes requested from conference call review. 843

Added Security operations 844

Added Document security section 845

Moved Identification detail back to the IAA specification 846

Updated all schema diagrams to match latest schema changes. 847

Added missing normative references. 848

Filled in text description in several sections 849

November 1, 2014 850

Made changes requested from F2F review. 851

Merged Service Roles into Service Type and updated schema to match 852

Updated all schema diagrams to ones generated by Liquid XML for consistencey 853 with PWG specifications. 854

Filled in text description in several sections 855

Added references to RFC3995, RFC3275 and PWG Schema 856

February 02, 2015 857

Reorganized Terminology section in alphabetical order 858

Address F2F review comments 859

The Printer Working Group · Working Draft – Imaging System Security Model (IDS-Model) February...

Documents

Transcript of The Printer Working Group · Working Draft – Imaging System Security Model (IDS-Model) February...