[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ggf-ogsa-sec-wg] GGF7 BOF REQUEST - OGSA Firewall Interoperability WG

To: <security-wg@gridforum.org>, <ogsa-sec-wg@gridforum.org>
Subject: [ggf-ogsa-sec-wg] GGF7 BOF REQUEST - OGSA Firewall Interoperability WG
From: "Krishna Sankar" <ksankar@cisco.com>
Date: Tue, 11 Feb 2003 11:25:22 -0800
Importance: Normal
Reply-To: <ksankar@cisco.com>
Sender: owner-ogsa-sec-wg@gridforum.org

FYI. Don't know if we will get the BOF. Would appreciate comments and
insight.

Once again, pardon me for the spam - am not sure if the membership on
security-wg and ogsa-sec-wg intersect or if one is a subset of the
other.

cheers


-----Original Message-----
From: Krishna Sankar [mailto:ksankar@cisco.com] 
Sent: Monday, February 10, 2003 5:14 PM
To: 'humphrey@cs.virginia.edu'; 'tuecke@mcs.anl.gov'
Cc: 'wejohnston@lbl.gov'; 'mulmo@pdc.kth.se'; 'Dane D. Skow'
Subject: GGF7 BOF REQUEST - OGSA Firewall Interoperability WG


Title : 	OGSA Firewall Interoperability WG
-------

Synopsis:
--------- 

	The OGSA Firewall Interoperability specification has been
identified as one of the specifications required by the OGSA SEC
Roadmap. The discussions at this BOF would revolve around forming a wg
to develop the specification.

	The issues are not just interoperability but just operability in
an enterprise environment ! The corporate infosec review of a grid
implementation needs to be addressed, the threats and vulnerabilities of
grid in the organization's perimeter need to be articulated and risk
mitigations need to be detailed.

	The initial thoughts are, we would need to address the following
topics in this wg.

	a) Firewall traversal, 
	b) Authenticating Firewall and 
	c) Infosec issues on deploying grid
	d) The relevance of WS-XXXXX proposals in this effort

	We could position the OGSA Firewall Interoperability layer as
one of the secure road way of the grid technology into enterprises. But
we need to articulate crisply the mechanisms, protocols, threats,
vulnerabilities and solutions. 

	The road map document says "WS specifications that can
potentially be leveraged are WS-Routing, WS-Referral and WS-Policy.
[WS_ROUTING, WS-REFERRAL, WS-POLICY]". We need to take a look at the
current state of these proposals (am not sure the WS-REFERRAL is alive
anymore) and other related proposals - most probably WS-SECURITY and
WS-SECURITY-POLICY would be relevant here.
		
Other interested parties :
--------------------------

	Have contacted William Johnson from LBNL/Berkeley. He had a good
presentation on the security issues of a grid deployment. He has replied
expressing limited interest. 

Cheers
------------------------------------------------------------
       |          |             Krishna Sankar
      :|:        :|:            Distinguished Engineer
     :|||:      :|||:           
 ..:|||||||:..:|||||||:..       (Ph) 408-853-8475
    Cisco  Systems Inc          ksankar@cisco.com
------------------------------------------------------------
"None of us is as smart as all of us"
------------------------------------------------------------

Follow-Ups:
- Re: [ggf-ogsa-sec-wg] GGF7 BOF REQUEST - OGSA Firewall Interoperability WG
  - From: Brian E Carpenter <brian@hursley.ibm.com>

Prev by Date: [ggf-ogsa-sec-wg] GGF7 BOF REQUEST - Security Policy Expression, Exchange and Processing WG
Next by Date: Re: [ggf-ogsa-sec-wg] GGF7 BOF REQUEST - OGSA Firewall Interoperability WG
Prev by thread: [ggf-ogsa-sec-wg] GGF7 BOF REQUEST - Security Policy Expression, Exchange and Processing WG
Next by thread: Re: [ggf-ogsa-sec-wg] GGF7 BOF REQUEST - OGSA Firewall Interoperability WG
Index(es):
- Date
- Thread