ABSTRACT

There are many standards, policies, and guidelines that the security architect needs to be aware of when examining the security architecture as a whole. These include a variety of RFCs, such as RFC 2904 (AAA Authorization Framework), the draft standards for SAML 2.0 and XACML 3.0, and ISO 27005, among many others, all of which address one or more aspects of security and secure design¹. What is less clear in all of these standards and frameworks is what the structures need to look like at the next layer down in the security architecture. Specifically, as the security architect seeks to design secure systems that address the needs of the organization, what do the logical and physical design elements of the architecture look like when moving from the 50,000-foot view to the 25,000-foot view and ultimately to a ground-level view of the system?