BSL BIN Requirements
ckrup edited this page Jan 16, 2025 · 3 revisions
| Rqmt ID | Title | Description | Rationale | Verification |
|---|---|---|---|---|
| BSL-BIN-1-0 | Obtaining BPA Configuration | The BSL shall use a BPA interface to query node-specific BPA configuration items. | There are some pieces of information which are already part of a BPA configuration or state that the BSL needs for its normal operations. | Test |
| BSL-BIN-2-0 | BPA Side Processing | The BSL shall use a BPA interface to query specific processing activities which are executed as part of processing a security operation. | During the processing of a single security operation, there are steps before, during, and after the BSL processing at which the BPA and the policy provider need to be able to influence the operation. Rather than attempting to handle all possible current and future needs, the BSL delegates these behaviors to the BPA and/or policy providers, which have more complete information about what needs to be done. | Test |
| BSL-BIN-3-0 | Deleting a Bundle | The BSL shall use a BPA interface to request the BPA to remove a bundle. | The BPA has control of bundle operations for specific failure conditions. Bundle deletion has side effects in the BPA, including external status reporting and bookkeeping. Dropping a bundle for security purposes removes retention constraints from a BPA without performing any of the normal deletion side effects. | Test |
| BSL-BIN-4-0 | Searching Block Types | The BSL shall use a BPA interface to query what block types exist in a bundle. | The BSL needs to be able to introspect a bundle for its contents to be able to provide this information to policy providers and to implement security context needs. | Test |
| BSL-BIN-4-1 | Searching Block Numbers | The BSL shall use a BPA interface to query what block numbers are present in a bundle. | The BSL needs to be able to introspect a bundle for its contents to be able to provide this information to policy providers and to implement security context needs. | Test |
| BSL-BIN-5-0 | Obtaining Block Metadata and Data | The BSL shall use a BPA interface to request, from the BPA, block contents associated with a specific block. | Target block BTSD is necessary for any security context, but some security contexts provide binding of the target to other blocks in the same bundle and the BSL needs to access all of that other data. | Test |
| BSL-BIN-5-1 | Block-Type-Specific Data Access | The BSL shall use a BPA interface to query block-type-specific data in a piecewise, sequential manner. | Because the BTSD is of arbitrary size, the interface to read and write BTSD needs to allow time- and resource-bounded access to the BTSD. It is not expected that random access into BTSD is needed. | Test |
| BSL-BIN-6-0 | Adding Blocks | The BSL shall use a BPA interface to have the BPA add new blocks to a bundle. | This is part of the role of Security Source to add new security blocks. The actual interface to add blocks will not be atomic, as some information is needed from the BPA such as assigning unique block numbers. | Test |
| BSL-BIN-7-0 | Removing Blocks | The BSL shall use a BPA interface to have the BPA remove existing blocks from a bundle. | This is part of the role of Security Acceptor to remove security blocks after they are no longer needed. | Test |
| BSL-BIN-8-0 | Modification of Block-Type-Specific Data | The BSL shall use a BPA interface to modify the block-type-specific data of non-security, non-primary blocks. | Confidentiality requires replacing the target block BTSD, converting between plain text and cipher text. | Test |
| BSL-BIN-9-0 | Send Status Report | The BSL shall use a BPA interface to have a provided bundle status report transmitted by the BPA. | The BSL may need to construct status reports as part of required processing actions to signal reasons as defined in RFC 9172. This requires that the status report be communicated to the BPA and transmitted. | Test |
| BSL-BIN-10-0 | Delegated Structure Encoding | The BSL shall use a BPA interface for encoding complex structures (such as Endpoint IDs). | Each BPA will have its own internal representation of EIDs and EID Patterns that are opaque to the BSL. Part of the BSL—BPA binding will be BPA-provided functions for these activities. | Test |
| BSL-BIN-10-1 | Delegated Structure Decoding | The BSL shall use a BPA interface for decoding complex structures (such as Endpoint IDs). | Each BPA will have its own internal representation of EIDs and EID Patterns that are opaque to the BSL. Part of the BSL—BPA binding will be BPA-provided functions for these activities. | Test |