Technical roadmap for IF-MAP

Posted by Ken Y-N on June 9th, 2008 at 03:20pm

InformationWeek has published an overview of the IF-MAP (Interface for Metadata Access Point) from the TCG’s (Trusted Computing Group) TNC (Trusted Network Connect) workgroup, focusing on how this new protocol can be used to integrate disparate devices for stronger NAC (Network Access Control).

Perhaps the first question many people have is what exactly IF-MAP is and why it should concern them. The article answers thus:

This means there’s finally a way for security and network devices from a variety of vendors to communicate, and thus make better assessments on whether to grant or deny access to everything from PCs to switches.

Currently, there is scarce integration between devices from different manufacturers, and sometimes even between devices from the same vendor, yet when conditions change on a host there is no end of devices that need to know about it, so either all the changes must be propagated by hand or each user needs to develop custom and costly solutions.

The promise is of a standardised framework for publishing and subscribing to device state data held by a central repository. With the specification now released, anyone can implement a solution based on it (there may be patent issues, but the TCG works on a RAND (Reasonable And Non-Discriminatory) licensing basis). Corporate IT departments can drive adoption by insisting on support in any new purchases. Active adoption of the standard will surely be win-win.

The IF-MAP server holds metadata about the state of all devices it knows about, so other devices can aggregate, in a standardised way, the states of disparate devices and decide which policies to apply to a particular client. This simplifies a lot of things, as the article points out:

today there’s no standardized way to, say, ask a Radius server which clients have authenticated, or query a DHCP server as to which leases have been given out.
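To make the publish/subscribe model concrete, here is an added Python illustration (my own, not code from the article or the TCG): a toy metadata store stands in for the MAP server (it does not speak the real IF-MAP SOAP/XML protocol), constructed RADIUS, DHCP and IDS updates are published against one client MAC, and a subscribing enforcement point re-evaluates the access decision every time the aggregated state changes.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List

Subscriber = Callable[[str, Dict[str, str]], None]


@dataclass
class MapServer:
    """Simplified stand-in for a MAP server: per-identifier metadata plus subscribers."""
    metadata: Dict[str, Dict[str, str]] = field(default_factory=dict)
    subscribers: Dict[str, List[Subscriber]] = field(default_factory=dict)

    def publish(self, identifier: str, key: str, value: str) -> None:
        # A publisher (RADIUS, DHCP, IDS ...) updates one piece of metadata;
        # every subscriber for that identifier is notified with the merged view.
        self.metadata.setdefault(identifier, {})[key] = value
        for callback in self.subscribers.get(identifier, []):
            callback(identifier, dict(self.metadata[identifier]))

    def search(self, identifier: str) -> Dict[str, str]:
        # Ad-hoc query of the aggregated state (the "which leases / who authenticated" case)
        return dict(self.metadata.get(identifier, {}))

    def subscribe(self, identifier: str, callback: Subscriber) -> None:
        self.subscribers.setdefault(identifier, []).append(callback)


def access_decision(meta: Dict[str, str]) -> str:
    """Policy evaluated over metadata from several devices, not just one source."""
    if meta.get("ids-alert"):
        return "quarantine"          # IDS event overrides everything else
    if meta.get("radius-authenticated") == "true" and "dhcp-ip" in meta:
        return "allow"               # authenticated AND has a lease
    return "deny"


def run_scenario() -> List[str]:
    """Constructed sequence of events for one client; returns the decision history."""
    server = MapServer()
    decisions: List[str] = []
    mac = "00:11:22:33:44:55"        # constructed sample client identifier
    # The enforcement point subscribes once and recomputes policy on each change.
    server.subscribe(mac, lambda _ident, meta: decisions.append(access_decision(meta)))
    server.publish(mac, "radius-authenticated", "true")  # RADIUS: 802.1X succeeded
    server.publish(mac, "dhcp-ip", "10.0.0.23")          # DHCP: lease handed out
    server.publish(mac, "ids-alert", "scan-detected")    # IDS: suspicious traffic seen
    return decisions
```

Each device only publishes what it knows; the policy point never talks to RADIUS, DHCP or the IDS directly, which is the integration problem the protocol targets.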

Read the full story on InformationWeek here.

