Security extensions, such as those provided by BPSec, are one portion of a larger security ecosystem. The construction of a trusted network supporting secured information exchange requires multiple portions of the BPv7 ecosystem to work together to achieve desired security outcomes.

This chapter defines the concept of a security outcome as a system-level expression of desired security behavior coupled with the policy, configuration, block definitions, and security context capabilities that must work together to achieve that outcome.

After reading this chapter you will be able to:

13.1 Security Outcomes

The overall purpose of a security policy is to achieve some set of security outcomes for message exchange in a network. These outcomes, as expressions of operational capabilities, can be very similar even across networks exhibiting very different behaviors and capabilities. In that context, security outcomes provide the approach necessary for trusted bundle exchange in any of the networking environments in which BPv7 might be deployed.