IntelliGrid Architecture

Inter-Corporation Environment - #14

This environment consists of the requirements for standard business communications between power system organizations and others.

Typical Applications:  Contracts, email, regulations, sales, marketing, orders and invoices.

Characteristics:  Business-to-business, relatively small volumes of traffic, typically file-oriented but a variety of file types, with acceptable response times in hours or days.

Similar Environments:  Similar technologically to other business-to-business environments, but not related to operational, safety or reliability issues in real-time.

Definition:  This environment is defined by the following requirements:

Communication and Information Requirements that Define this Environment

Configuration Requirements

• Support interactions across widely distributed sites

Security Requirements

• Provide Identity Establishment Service (you are who you say you are)
• Provide Authorization Service for Access Control (resolving a policy-based access control decision to ensure authorized entities have appropriate access rights and authorized access is not denied)
• Provide Information Integrity Service (data has not been subject to unauthorized changes or these unauthorized changes are detected)
• Provide Confidentiality Service (only authorized access to information, protection against eavesdropping)
• Provide Inter-Domain Security Service (support security requirements across organizational boundaries)
• Provide Non-repudiation Service (cannot deny that interaction took place)
• Provide Security Assurance Service  (determine the level of security provided by another environment)
• Provide Audit Service (responsible for producing records, which track security relevant events)
• Provide Security Policy Service (concerned with the management of security policies)
• Provide Trust Establishment Security Service (security verification across multiple organizations)
• Provide Path and Routing Quality of Security (being able to determine a secure communication path)
• Provide Firewall Transversal
• Provide User Profile and User Management (combination of several other security services)
• Provide Security Protocol mapping (the ability to convert from one protocol to another)
• Provide Security Discovery (the ability to determine what security services are available for use)

Data Management Requirements

• Support extensive data validation procedures
• Support frequent changes in types of data exchanged
• Support management of data whose types can vary significantly in different implementations
• Provide discovery service (discovering available services and their characteristics)
• Provide services for spontaneously finding and joining a community
• Provide conversion and protocol mapping
• Support the management of data across organizational boundaries

Recommended Technologies

Energy Industry-Specific Technologies

    Utility Control Center Related Data Management Technologies

• IEC 61970 Part 3 - Common Information Model (CIM) - Data Management
• CIM Extensions for Market Operations - Data Management
• IEC 61970 Part 4 - Generic Interface Definition (GID) - Configuration, Data Management

Communications Industry Technologies

    Access Technologies

• Public Internet - Configuration,
• Private Intranet - Configuration,

    Networking Technologies

• Internet Protocol Version V4 (IPV4) - Configuration,

    IP-based Transport Protocols

• Transmission Control Protocol (TCP) - Configuration,

    Link Layer and Physical Technologies

• Synchronous Optical Network (SONET) and Synchronous Digital Hierarchy (SDH) - Configuration,
• Asynchronous Transfer Mode (ATM) - Configuration,

    Computer Systems Related Technologies

• Web Services - Data Management
• Universal Description, Discovery, and Integration (UDDI) - Data Management
• XML Protocol/Simple Object Access Protocol (SOAP) - Data Management
• GUID - Data Management

    General Internet and De Facto Data Management Technologies

• ISO/IEC 11179 Parts 1 - 6 Metadata Registries - Data Management
• Meta Object Facility (MOF) - Data Management
• XML Metadata Interchange (XMI) - Data Management
• eXtensible Markup Language (XML) - Data Management
• XML Schema (xls) - Data Management
• ANSI/ISO/IEC 9075 - Structured Query Language (SQL) - Data Management

    eCommerce Related Data Management Technologies

• ebXML - Data Management
• ebXML Collaboration Protocol Profiles (CPPA) - Data Management
• ebXML Messaging - Data Management
• ebXML Registry - Data Management
• ISO/IEC JTC 1 SC32 - ISO/IEC 15944-1:2002 Information technology -- Business agreement semantic descriptive techniques -- Part 1: Operational aspects of Open-EDI for implementation - Data Management

Security Technologies

    Policy and Framework Related Technologies

• ISO/IEC 10164-8:1993 Security Audit Trail Function - Information technology - Open Systems Interconnection - Systems Management - Security,
• ISO/IEC 18014-1:2002 Time-Stamping Services - Information technology - Security Techniques - Part 1: Framework - Security, Data Management
• ISO/IEC 10181-7:1996 Security Audit and Alarms Framework - Information technology - Open Systems Interconnection -- Security Frameworks for Open Systems - Security,
• FIPS PUB 112 Password Usage - Security,
• FIPS PUB 113 Computer Data Authentication - Security,
• RFC 2196 Site Security Handbook - Security,
• RFC 2401 Security Architecture for the Internet Protocol - Security,
• RFC 2527 Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework - Security,

    General Security Technologies

• FIPS 197 for Advanced Encryption Standard (AES) - Security,
• FIPS 186 Digital Signatures Standard (DSS) - Security,
• Intrusion Detection Technologies - Security,
• Intrusion Prevention Systems (IPS) - Security,
• Service Level Agreements (SLA) - Security,

    Media and Network Layer Technologies

• Secure IP Architecture (IPSec) - Security,
• IEEE 802.11i Security for Wireless Networks - Security,
• Remote Authentication Dial In User Service (RADIUS) - Security,
• ATM Security - Security,
• AGA-12 Cryptographic Protection of SCADA Communications General Recommendations - Security,

    Application Layer Security Technologies

• RFC 2228 FTP Security Extensions - Security,
• Internet Mail Extensions - Security,
• RFC 2086 IMAP4 ACL extension - Security,
• SNMP Security - Security,
• RFC 1305 Network Time Protocol (Version 3) Specification, Implementation - Security,
• IEC 62351-4 Security for Profiles including MMS (ISO-9506) - Security,
• IEC 62351-5 Security for IEC 60870-5 and Derivatives - Security,
• IEC 62351-6 Security for IEC 61850 GOOSE, GSSE, and SMV Profiles - Security,

    XML Related Technologies

• OASIS Security Assertion Markup Language (SAML) - Security,
• OASIS Extensible Access Control Markup Language (XACML - Security,
• XML Key Management Specification (XKMS - Security,
• Secure XML - Security,

Network and Enterprise Management Technologies

Recommended Common Services

Security Services

    Common Security Services

• Audit Common Service - Security,
• Authorization for Access Control - Security,
• Confidentiality - Security,
• Firewall Traversal - Security,
• Identity Establishment Service - Security,
• Information Integrity Service - Security,
• Inter-Domain Security - Security,
• Non-repudiation - Security,
• Path Routing and QOS Service - Security,
• Security Policies - Security,
• Quality of Identity Service - Security,
• Security Assurance Management - Security,
• Security Protocol Mapping - Security,
• Security Service Availability Discovery Service - Security,
• Trust Establishment Service - Security,
• User and Group Management - Security,

Network and System Management Services

Data Management Common Services

    Data Management Common Services

• Object Management Service - Data Management
• Address and Naming Management - Data Management
• Alarm Detection/Reporting - Data Management
• Instrumentation and Monitoring Service - Data Management
• Measurement Data Logging Service - Security,

Common Platform Services

    Common Platform Services

• Component Registry Service - Data Management
• Component Lookup Service - Data Management
• Component Discovery Service - Data Management

 

---

Recommended Best Practices

Data Management Best Practices

    Data Management

• Metadata Files and Databases - Data Management
• Object Modeling Techniques - Data Management
• Quality Flagging - Data Management
• Time Stamping - Security, Data Management
• Validation of Source Data and Data Exchanges - Data Management
• Management of Data Consistency and Synchronization across Systems - Data Management
• Management of Data Accuracy - Data Management
• Management of Data Acquisition - Data Management
• Management of Manual Data Entry - Data Management
• Database Maintenance Management - Data Management
• Data Backup and Logging - Security, Data Management

Security Best Practices

    Security Frameworks and Policy Documents

• ISO/IEC Security Best Practices - Security,
• ISO/IEC 18014-3:2004 Information technology -- Security techniques -- Time-stamping services -- Part 3: Mechanisms producing linked tokens - Security,
• Federal Security Best Practices - Security,
• CICSI 6731.01 Global Command and Control System Security Policy - Security,
• FIPS PUB 112 Password Usage - Security,
• RFC 2276 Architectural Principles of Uniform Resource Name Resolution - Security,
• RFC 2350 Expectations for Computer Security Incident Response - Security,
• RFC 2386 A Framework for QoS-based Routing in the Internet - Security,
• RFC 2505 Anti-Spam Recommendations for SMTP - Security,

Security Technology Documents

Alternative Technologies

    Networking Technologies

• Internet Protocol Version 6 (IPV6) - Configuration,
• Open Shortest Path First (OSPF) Routing Protocol - Configuration,
• Border Gateway Protocol (BGP) - Configuration,
• Internet Group Management Protocol (IGMP) - Configuration,
• Distance Vector Multicast Routing Protocol (DVMRP) - Configuration,
• Multicast Open Shortest Path (MOSPF) routing protocol - Configuration,
• Protocol Independent Multicast-Sparse Mode (PIM-SM) - Configuration,
• Core-Based Tree (CBT) multicast routing - Configuration,

    IP-based Transport Protocols

• Stream Control Transmission Protocol (SCTP) - Configuration,
• Datagram Congestion Control Protocol (DCCP) - Configuration,
• Real-Time Transport Protocol (RTP) - Configuration,

    Link Layer and Physical Technologies

• Hubs/Repeaters - Configuration,
• Bridges/Switches - Configuration,
• Routers - Configuration,
• Digital Signal (DSx), Time-division multiplexing, the T-carriers, T1, fractional T1 - Configuration,
• Frame Relay - Configuration,

    Wireless Technologies

• Radio Frequency Identification (RFID) - Data Management

    Virtual Private Networking Technologies

• Layer 3 VPNs - Security,
• Layer 2 VPNs - Security,
• PPTP - Security,

    Computer Systems Related Technologies

• CORBA and CORBA Services - Data Management
• Web Services Description Language (WSDL) - Data Management
• Enterprise Java Beans (EJB) - Data Management

    General Internet and De Facto Data Management Technologies

• Hypertext Markup Language (HTML) - Data Management
• RDF - Data Management

Alternative Best Practices

    Security Frameworks and Policy Documents

• ISO/IEC 10181-7:1996 Information technology -- Open Systems Interconnection -- Security frameworks for open systems: Security audit and alarms framework - Security,

    ISO/IEC Documents on Security Technologies

• ISO/IEC 7816-1:1998 Identification cards -- Integrated circuit(s) cards with contacts -- Part 1: Physical characteristics - Security,
• ISO/IEC 7816-3:1997 Information technology -- Identification cards -- Integrated circuit(s) cards with contacts -- Part 3: Electronic signals and transmission protocols - Security,
• ISO/IEC 7816-3:1997/Amd 1:2002 Electrical characteristics and class indication for integrated circuit(s) cards operating at 5 V, 3 V and 1,8 V - Security,
• ISO/IEC 7816-4:1995 Information technology -- Identification cards -- Integrated circuit(s) cards with contacts -- Part 4: Inter-industry commands for interchange - Security,
• ISO/IEC 7816-4:1995/Amd 1:1997 secure messaging on the structures of APDU messages - Security,
• ISO/IEC 7816-5:1994 Identification cards -- Integrated circuit(s) cards with contacts -- Part 5: Numbering system and registration procedure for application identifiers - Security,
• ISO/IEC 7816-7:1999 Identification cards -- Integrated circuit(s) cards with contacts -- Part 7: - Security,
• ISO/IEC 7816-8:1999 Identification cards -- Integrated circuit(s) cards with contacts -- Part 8: Security related - Security,
• ISO/IEC 7816-9:2000 Identification cards -- Integrated circuit(s) cards with contacts -- Part 9: Additional - Security,
• ISO/IEC 7816-10:1999 Identification cards -- Integrated circuit(s) cards with contacts -- Part 10: Electronic signals and answer to reset for synchronous cards - Security,
• ISO/IEC 7816-11:2004 Identification cards -- Integrated circuit cards -- Part 11: Personal verification through biometric methods - Security,
• ISO/IEC 7816-15:2004 Identification cards -- Integrated circuit cards with contacts -- Part 15: Cryptographic information application - Security,
• ISO 9735-9:2002 Electronic data interchange for administration, commerce and transport (EDIFACT) -- Application level syntax rules (Syntax version number: 4, Syntax release number: 1) -- Part 9: Security key - Security,
• ISO/IEC 9594-8:1998 Information technology -- Open Systems Interconnection -- The Directory: Authentication framework - Security,
• ISO/IEC 9594-8:2001 Information technology -- Open Systems Interconnection -- The Directory: Public-key and attribute certificate frameworks - Security,
• ISO 9735-5:2002 Electronic data interchange for administration, commerce and transport (EDIFACT) -- Application level syntax rules (Syntax version number: 4, Syntax release number: 1) -- Part 5: Security rul - Security,
• ISO/IEC 10164-9:1995 Information technology -- Open Systems Interconnection -- Systems Management: Objects and attributes for access control - Security,
• ISO/IEC 10181-1:1996 Information technology -- Open Systems Interconnection -- Security frameworks for open systems: Overview - Security,
• ISO/IEC 10181-2:1996 Information technology -- Open Systems Interconnection -- Security frameworks for open systems: Authentication framework - Security,
• ISO/IEC 10181-3:1996 Information technology -- Open Systems Interconnection -- Security frameworks for open systems: Access control framework - Security,
• ISO/IEC 10181-4:1997 Information technology -- Open Systems Interconnection -- Security frameworks for open systems: Non-repudiation framework - Security,
• ISO 10202-1:1991 Financial transaction cards -- Security architecture of financial transaction systems using integrated circuit cards -- Part 1: Card life cycle - Security,
• ISO 10202-7:1998 Financial transaction cards -- Security architecture of financial transaction systems using integrated circuit cards -- Part 7: Key management - Security,
• ISO 10202-8:1998 Financial transaction cards -- Security architecture of financial transaction systems - Security,
• ISO/IEC TR 13335-1:1996 Information technology -- Guidelines for the management of IT Security -- Part 1: Concepts and models for IT Security - Security,
• ISO/IEC TR 13335-2:1997 Information technology -- Guidelines for the management of IT Security -- Part 2: Managing and planning IT Security - Security,
• ISO/IEC TR 13335-5 Information technology - Guidelines for the management of IT Security - Part 5: Management guidance on network security - Security,
• ISO/IEC 13888-1:1997 Information technology -- Security techniques -- Non-repudiation -- Part 1: General - Security,
• ISO/IEC 13888-2:1998 Information technology -- Security techniques -- Non-repudiation -- Part 2: Mechanisms using symmetric techniques - Security,
• ISO/IEC 13888-3:1997 Information technology -- Security techniques -- Non-repudiation -- Part 3: Mechanisms using asymmetric techniques - Security,
• ISO/IEC 15408-1:1999 Information technology -- Security techniques -- Evaluation criteria for IT security -- Part 1: Introduction and general mode - Security,
• ISO/IEC 15408-2:1999 Information technology -- Security techniques -- Evaluation criteria for IT security -- Part 2: Security functional requirements - Security,
• ISO/IEC 15408-3:1999 Information technology -- Security techniques -- Evaluation criteria for IT security -- Part 3: Security assurance requirements - Security,
• ISO/IEC 17799:2000 Information technology -- Code of practice for information security management - Security,
• ISO JTC1 SC37 1.37.19784.1 BioAPI - Biometric Application Programming Interface - Security,
• ISO JTC1 SC37 1.37.19794 - Biometric Data Interchange Format - Security,
• ISO JTC1 SC37 1.37.19794.3 Biometric Data Interchange Format - Part 3: Finger Pattern Spectral Data - Security,
• ISO JTC1 SC37 1.37.19794.4 Biometric Data Interchange Format - Part 4: Finger Image Data - Security,
• ISO JTC1 SC37 1.37.1974.5 Biometric Data Interchange Format - Part 5: Face Image Data - Security,

    Federal Documents on Security Technologies

• - Security,
• FIPS 197 Federal Information Processing Standards Publication 197, Specification for the Advanced Encryption Standard (AES) - Security,

    IETF Internet Requests for Comments (RFCs) on Security Technologies

• RFC 1004 Distributed-protocol authentication scheme - Security,
• RFC 1507 DASS - Distributed Authentication Security Service - Security,
• RFC 1579 Firewall-Friendly FTP - Security,
• RFC 1826 IP Authentication Header - Security,
• RFC 1827 IP Encapsulating Security Payload (ESP) - Security,
• RFC 1968 The PPP Encryption Control Protocol (ECP) - Security,
• RFC 2040 The RC5, RC5-CBC, RC5-CBC-Pad, and RC5-CTS Algorithms - Security,
• RFC 2045 Multi-Purpose Internet Mail Extensions (MIME) and Secure/MIME - Security,
• RFC 2086 IMAP4 ACL extension - Security,
• RFC 2093 Group Key Management Protocol (GKMP) Specification - Security,
• RFC 2228 FTP Security Extensions - Security,
• RFC 2230 Key Exchange Delegation Record for the DNS - Security,
• RFC 2244 ACAP -- Application Configuration Access Protocol - Security,
• RFC 2246 The TLS Protocol Version 1.0 - Security,
• RFC 2313 PKCS #1: RSA Encryption Version 1.5 - Security,
• RFC 2315 PKCS #7: Cryptographic Message Syntax Version 1.5 - Security,
• RFC 2356 Sun's SKIP Firewall Traversal for Mobile IP - Security,
• RFC 2406 IP Encapsulating Security Payload (ESP) - Security,
• RFC 2437 PKCS #1: RSA Cryptography Specifications Version 2.0 - Security,
• RFC 2440 OpenPGP Message Format - Security,
• RFC 2408 Internet Security Association and Key Management Protocol (ISAKMP) - Security,
• RFC 2409 The Internet Key Exchange (IKE) - Security,
• RFC 2459 Internet X.509 Public Key Infrastructure Certificate and CRL Profile - Security,
• RFC 2510 Internet X.509 Public Key Infrastructure Certificate Management Protocols - Security,
• RFC 2511 Internet X.509 Certificate Request Message Format - Security,
• RFC 2527 Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework - Security,
• RFC 2547 BGP/MPLS VPNs - Security,
• RFC 2560 X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP - Security,
• RFC 2764 A Framework for IP Based Virtual Private Networks - Security,
• RFC 2753 A Framework for Policy-based Admission Control - Security,
• RFC 2797 Certificate Management Messages over CMS - Security,
• RFC 2817 Upgrades to TLS within HTTP/1.1 - Security,
• RFC 2818 HTTP over TLS (HTTPS) - Security,
• RFC 2865 Remote Authentication Dial In User Service (RADIUS) - Security,
• RFC 2869 RADIUS Extensions - Security,
• RFC 2874 DNS Extensions to Support IPv6 Address Aggregation and Renumbering - Security,
• RFC 2875 - Security,
• RFC 2888 Secure Remote Access with L2TP - Security,
• RFC 2898 PKCS #5: Password-Based Cryptography Specification Version 2.0 - Security,
• RFC 2946 Telnet Data Encryption Option - Security,
• RFC 2977 Mobile IP Authentication, Authorization, and Accounting Requirements - Security,
• RFC 2979 Behavior of and Requirements for Internet Firewalls - Security,
• RFC 2985 PKCS #9: Selected Object Classes and Attribute Types Version 2.0 - Security,
• RFC 3268 Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS) - Security,
• RFC 3280 Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile - Security,
• RFC 3369 Cryptographic Message Syntax (CMS) - Security,
• RFC 3370 Cryptographic Message Syntax (CMS) Algorithms - Security,
• RFC 3447 Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1 - Security,
• RFC 3647 Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework - Security,

    Other Security Technolog

• IEEE 802.11b Web Encryption Protocol - Security,
• IEEE 802.11i Security for Wireless Networks - Security,
• RSA Documents on Security Technologies - Security,
• RSA PKCS #8 Private-Key Information Syntax Standard - Security,
• RSA PKCS #12 Personal Information Exchange Syntax Standard, version 1.0. - Security,
• OASIS Documents on Security Technologies - Security,
• WC3 XML Key Management Specification (XKMS 2.0) Bindings - Security,
• AGA-12 Cryptographic Protection of SCADA Communications General Recommendations. - Security,
• ANSI INCITS 359-2004 Role Based Access Control (RBAC) - Security,
• EPRI 1002596 ICCP TASE.2 Security Enhancements - Security,
• NERC Certificate Policy for the Energy Market Access and Reliability Certificate (e MARC) Program Version 2.4 - Security,
• NIST GSC-IS The NIST Interagency Report 6887 - 2003 edition (Government Smart Card-Interoperability Specification) Version 2.1 - Security,
• NISTIR 6529 Common Biometric File Format (CBEFF) - Security,
• Smart Card Alliance Smart Card Primer - Security,
• Smart Card Alliance Privacy and Secure Identification Systems: The Role of Smart Cards as a Privacy-Enabling Technology - Security,
• Smart Card Alliance Government Smart Card Handbook - Security,
• WebDAV Access Control Extensions to WebDAV - Security,
• WPA WI-FI Protected Access - Security,
• WPA2 WI-FI Protected Access Version 2 - Security,
• TMN PKI - Digital certificates and certificate revocation lists profiles - Security,

Possible Technologies

    Networking Technologies

• Intermediate System to Intermediate System (ISIS) Routing Protocol - Configuration,
• Routing Information Protocol (RIP) - Configuration,