The following is the second post in a series of excerpts from NCP engineering’s technical white paper, Automated Mobile Security: Leveraging Trusted Network Connect (TNC) IF-MAP to provide automated security for company networks and mobile devices. Part one of the series can be found here.
WHAT IS IF-MAP?
IF-MAP stands for InterFace for Metadata Access Points. You can think of IF-MAP as a central database in which your IT systems store information and from which they retrieve it, giving a real-time representation of the status of your network.
An IF-MAP-enabled component can perform three basic functions:
► Publish: Clients can store information for other clients to see
► Search: Clients can search for published data using search patterns
► Subscribe: Clients can receive notifications when other clients publish new data
Two data types are available for storing information in the MAP: identifiers and metadata. Identifiers act as the “root hub” for information stored in the IF-MAP. There are only five identifiers available: Identity, IP address, MAC address, Access Request and Device. The other type of data is metadata, which has to be linked to at least one identifier but can also connect two identifiers. Each client has to authenticate itself securely to the MAP server, either with a username and password or with certificate-based authentication. All data is transmitted safely with SSL encryption.
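The data model and the three operations described above can be sketched as a small in-memory graph. This is an added example, not code from the white paper and not the IF-MAP wire protocol: the `MapStore` class, the `hops` search parameter, the metadata names and all sample values are constructed for illustration, and client authentication and transport encryption are not modeled.

```python
from collections import defaultdict

# The five identifier types named in the text.
IDENTIFIER_TYPES = {"identity", "ip-address", "mac-address", "access-request", "device"}

class MapStore:
    """Toy model of a MAP server's graph: identifiers are nodes, metadata hangs
    on one identifier or on a link between two (hypothetical class)."""
    def __init__(self):
        self.records = []                       # (identifiers, name, value, publisher)
        self.subscribers = defaultdict(list)    # identifier -> callbacks

    @staticmethod
    def _check(identifier):
        if identifier[0] not in IDENTIFIER_TYPES:
            raise ValueError(f"unknown identifier type: {identifier[0]}")

    def publish(self, publisher, name, value, ident, other=None):
        idents = [ident] if other is None else [ident, other]
        for i in idents:
            self._check(i)
        record = (frozenset(idents), name, value, publisher)
        self.records.append(record)
        for i in idents:                        # notify subscribers of each endpoint
            for callback in self.subscribers[i]:
                callback(record)

    def subscribe(self, identifier, callback):
        self._check(identifier)
        self.subscribers[identifier].append(callback)

    def search(self, start, hops=1):
        """Metadata on `start` and its links, then on identifiers up to `hops` links away."""
        self._check(start)
        seen, frontier, found = {start}, {start}, []
        for _ in range(hops + 1):
            reached = set()
            for rec in self.records:
                if rec[0] & frontier and rec not in found:
                    found.append(rec)
                    reached |= rec[0] - seen
            seen |= reached
            frontier = reached
        return found

def demo():
    """Constructed scenario: three clients publish, one callback is subscribed to the IP."""
    store, alerts = MapStore(), []
    ip, mac = ("ip-address", "10.0.0.5"), ("mac-address", "00:11:22:33:44:55")
    store.subscribe(ip, alerts.append)
    store.publish("dhcp-server", "ip-mac", "lease", ip, mac)        # links two identifiers
    store.publish("ids-sensor", "event", "port scan", ip)           # hangs on one identifier
    store.publish("vpn-gateway", "role", "employee", ("identity", "alice"))
    return store, alerts, ip, mac
```

Searching from the MAC address with `hops=1` returns the IDS event published against the linked IP address, which is how one component can act on data another component published.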
Now that IF-MAP has been explained, stay tuned for the next post that dives into ESUKOM in more detail. Also, for more information on the ESUKOM research project and NCP engineering’s role within it, see our three-part Q&A on the topic here.