This draft describes an architecture for security policy management
for IPSEC based on the principle of "compliance checking." We
describe a two-level policy hierarchy, in which security association
policy is managed by a highly flexible policy language, which in turn
provides input to packet policies that are managed by a fast packet
filtering language. We provide a sample SA policy language, based on
KeyNote, and describe interoperability issues for this architecture.