Frequently Asked Questions
What is IF-MAP?
Who has developed IF-MAP?
What is TCG?
What is TNC?
Which versions of IF-MAP are available?
By which documents is IF-MAP specified?
What is a TPM?
Does IF-MAP make use of TPM functions?
What is the intended purpose of IF-MAP?
What benefits does the use of IF-MAP supporting products generate?
Are there products available that support IF-MAP?
Is there open source software available that implements IF-MAP?
Where can I find further information about IF-MAP?
What is IF-MAP?
IF-MAP is an open, client-server based protocol standard for sharing arbitrary metadata between arbitrary entities. Its intended purpose was to enable network devices to share security-sensitive information. To this end, MAP clients use a publish-search-subscribe mechanism to share metadata via a central MAP server.
Who has developed IF-MAP?
IF-MAP was developed by the Trusted Network Connect (TNC) work group of the Trusted Computing Group (TCG).
What is TCG?
The Trusted Computing Group (TCG) is a not-for-profit industry consortium of about 100 international companies. The TCG aims to develop open standards that increase the security of modern IT systems. The specifications that define these standards are developed by the TCG's work groups and are made publicly available once they are finished. One of the most prominent open standards defined by the TCG is the Trusted Platform Module (TPM).
What is TNC?
Trusted Network Connect (TNC) is the TCG's approach to Network Access Control (NAC). TNC is a reference architecture for NAC that defines the necessary entities and the interfaces through which they communicate in an interoperable way. IF-MAP is part of the TNC framework.
Which versions of IF-MAP are available?
The latest version of the IF-MAP specifications can be obtained from the TCG website: trustedcomputinggroup.org/tnc-if-map-metadata-network-security.
By which documents is IF-MAP specified?
Since version 2.0, IF-MAP is specified by a set of documents in order to separate the base protocol from the various standardized types of metadata. The IF-MAP base protocol is specified in TNC IF-MAP Binding for SOAP. Currently, there is one additional specification that defines standard metadata types for the field of network security: TNC IF-MAP Metadata for Network Security.
What is a TPM?
A Trusted Platform Module (TPM) is a hardware chip that offers a set of cryptographic functions. It is normally soldered onto a platform (PC, laptop). In addition to functions supporting asymmetric cryptography, a random number generator and a SHA-1 hash engine, a TPM also offers a set of registers that capture the current hardware and software configuration of the platform (Platform Configuration Registers, PCRs). Furthermore, a TPM provides functions to securely attest these PCR values to a remote party.
Does IF-MAP make use of TPM functions?
No. IF-MAP is completely independent of any function provided by a TPM. However, data associated with a TPM can be exchanged using IF-MAP.
What is the intended purpose of IF-MAP?
The original use case was network security. The goal was to integrate arbitrary network security tools (such as NAC solutions, firewalls, IDS, …) via IF-MAP, thus easing their configuration and extending their functionality. However, it turns out that IF-MAP can also benefit other use cases that have nothing to do with network security. That's why, with IF-MAP 2.0, the TCG decided to separate the use-case-independent base protocol from the use-case-dependent metadata specifications. This ensures that new metadata specifications can be developed without touching the base protocol specification.
What benefits does the use of IF-MAP supporting products generate?
The actual benefit depends on the specific application scenario. IF-MAP was developed with a network security scenario in mind. In terms of network security, IF-MAP can provide the following benefits:
- Integration of existing security systems by a standardized, interoperable network interface
- Avoidance of isolated data silos within a network infrastructure
- Extended functionality of existing security tools (for example automatic responses to detected intrusions, identity-based configuration of packet filters)
- No vendor lock-in
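The publish-search-subscribe mechanism described under "What is IF-MAP?" and the automatic-response benefit listed above can be illustrated with a small in-memory model of a MAP server. This is an added example, not code from the TCG specifications or from any MAP server product; it models the metadata graph, search and subscribe/poll semantics only and omits the SOAP/XML binding, the session handling and the initial search result that a real subscription delivers. All identifiers and metadata values are constructed.

```python
from collections import defaultdict

# Identifiers are tuples such as ("ip-address", "10.0.0.5"); a link is a
# frozenset of two identifiers. Metadata is attached to either of them.
def link(a, b):
    return frozenset((a, b))

class MapServer:
    """Model of a MAP server: a graph of identifiers and links, the metadata
    published on them, depth-limited search and subscribe/poll notification."""
    def __init__(self):
        self.meta = defaultdict(list)    # identifier or link -> [(publisher, name, attrs)]
        self.adj = defaultdict(set)      # identifier -> neighbouring identifiers
        self.subs = {}                   # (client, sub_name) -> (start identifier, max_depth)
        self.pending = defaultdict(set)  # client -> subscription names with new results

    def publish_update(self, client, target, name, attrs):
        if isinstance(target, frozenset):      # metadata on a link also creates the link
            a, b = target
            self.adj[a].add(b); self.adj[b].add(a)
        self.meta[target].append((client, name, dict(attrs)))  # publisher is recorded
        # every subscription whose search result now contains the target is flagged
        for (owner, sub_name), (start, depth) in self.subs.items():
            if target in self.search(start, depth):
                self.pending[owner].add(sub_name)

    def search(self, start, max_depth):
        """Breadth-first search from an identifier; returns the identifiers and
        links reachable within max_depth link hops, with their metadata."""
        seen, frontier, result = {start}, [start], {start: self.meta[start]}
        for _ in range(max_depth):
            nxt = []
            for node in frontier:
                for nb in self.adj[node]:
                    result[link(node, nb)] = self.meta[link(node, nb)]
                    if nb not in seen:
                        seen.add(nb); nxt.append(nb); result[nb] = self.meta[nb]
            frontier = nxt
        return result

    def subscribe(self, client, sub_name, start, max_depth):
        self.subs[(client, sub_name)] = (start, max_depth)

    def poll(self, client):
        """Return and clear the names of subscriptions that changed since the last poll."""
        changed, self.pending[client] = self.pending[client], set()
        return changed

def demo():
    """Constructed scenario: a PDP watches an access request; an IDS publishes an
    event on the endpoint's IP, and the PDP learns about it on its next poll."""
    srv, ar, ip = MapServer(), ("access-request", "ar:1"), ("ip-address", "10.0.0.5")
    srv.publish_update("pdp", link(ar, ip), "access-request-ip", {})
    srv.subscribe("pdp", "watch-ar1", ar, 2)
    srv.publish_update("ids", ip, "event", {"name": "port scan", "significance": "important"})
    return srv.poll("pdp")  # {"watch-ar1"}
```

A real deployment hinges on the MAP server being a trusted central point: any authenticated client can publish on any identifier, so the recorded publisher-id and the server's access policy are what let a consumer decide which metadata to act on.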
Are there products available that support IF-MAP?
Yes, although the full potential of IF-MAP is not yet exploited. IF-MAP as it is used today primarily eases the configuration of available network services. Correlation and analysis of the metadata set managed by MAP servers has not been adopted so far. Products that implement IF-MAP are currently available from the following American companies:
- Infoblox
- Juniper
- Lumeta
- Great Bay
- Insightix
- Hirsch Electronics
- Byres Security
Within the ESUKOM research project, the German companies macmon and NCP Engineering add IF-MAP functions to their products.
Is there open source software available that implements IF-MAP?
Yes, there are numerous open source projects that address IF-MAP:
- irond – an IF-MAP 2.0 server from the Trust@FHH group, written in Java
- omapd – an IF-MAP 2.0 and 1.1 server from David Mattes, written in C++
- libifmap2c – an IF-MAP 2.0 library from Arne Welzel, written in C++
- ifmap.js – an IF-MAP 1.1 library from Andrew Benton, written in JavaScript
Where can I find further information about IF-MAP?
Feel free to visit the following websites: