[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [ggf-ogsa-sec-wg] GGF7 BOF REQUEST - OGSA Firewall Interoperability WG
Krishna,
I'm not sure what's specific to OGSA about firewall traversal, so
I suggest that you start by having someone report on the various
firewall-friendly and firewall-traversal activities in the
IETF, notably MIDCOM. The initial emphasis there is on SIP traversal,
but the intention is much more general.
Brian
Krishna Sankar wrote:
>
> FYI. Don't know if we will get the BOF. Would appreciate comments and
> insight.
>
> Once again, pardon me for the spam - am not sure if the membership on
> security-wg and ogsa-sec-wg intersect or if one is a subset of the
> other.
>
> cheers
>
> -----Original Message-----
> From: Krishna Sankar [mailto:ksankar@cisco.com]
> Sent: Monday, February 10, 2003 5:14 PM
> To: 'humphrey@cs.virginia.edu'; 'tuecke@mcs.anl.gov'
> Cc: 'wejohnston@lbl.gov'; 'mulmo@pdc.kth.se'; 'Dane D. Skow'
> Subject: GGF7 BOF REQUEST - OGSA Firewall Interoperability WG
>
> Title : OGSA Firewall Interoperability WG
> -------
>
> Synopsis:
> ---------
>
> The OGSA Firewall Interoperability specification has been
> identified as one of the specifications required by the OGSA SEC
> Roadmap. The discussions at this BOF would revolve around forming a wg
> to develop the specification.
>
> The issues are not just interoperability but just operability in
> an enterprise environment ! The corporate infosec review of a grid
> implementation needs to be addressed, the threats and vulnerabilities of
> grid in the organization's perimeter need to be articulated and risk
> mitigations need to be detailed.
>
> The initial thoughts are, we would need to address the following
> topics in this wg.
>
> a) Firewall traversal,
> b) Authenticating Firewall and
> c) Infosec issues on deploying grid
> d) The relevance of WS-XXXXX proposals in this effort
>
> We could position the OGSA Firewall Interoperability layer as
> one of the secure road way of the grid technology into enterprises. But
> we need to articulate crisply the mechanisms, protocols, threats,
> vulnerabilities and solutions.
>
> The road map document says "WS specifications that can
> potentially be leveraged are WS-Routing, WS-Referral and WS-Policy.
> [WS_ROUTING, WS-REFERRAL, WS-POLICY]". We need to take a look at the
> current state of these proposals (am not sure the WS-REFERRAL is alive
> anymore) and other related proposals - most probably WS-SECURITY and
> WS-SECURITY-POLICY would be relevant here.
>
> Other interested parties :
> --------------------------
>
> Have contacted William Johnson from LBNL/Berkeley. He had a good
> presentation on the security issues of a grid deployment. He has replied
> expressing limited interest.
>
> Cheers
> ------------------------------------------------------------
> | | Krishna Sankar
> :|: :|: Distinguished Engineer
> :|||: :|||:
> ..:|||||||:..:|||||||:.. (Ph) 408-853-8475
> Cisco Systems Inc ksankar@cisco.com
> ------------------------------------------------------------
> "None of us is as smart as all of us"
> ------------------------------------------------------------