[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [ggf-ogsa-sec-wg] GGF7 BOF REQUEST - OGSA Firewall Interoperability WG
There is also work going on in DMTF in a new WG (Security Protection and
Management) regarding firewalls, anti-virus, intrusion detection
services, etc. It is just starting up, but may have some items to
report.
Andrea
-----Original Message-----
From: owner-ogsa-sec-wg@gridforum.org
[mailto:owner-ogsa-sec-wg@gridforum.org] On Behalf Of Brian E Carpenter
Sent: Wednesday, February 12, 2003 2:44 AM
To: ksankar@cisco.com
Cc: security-wg@gridforum.org; ogsa-sec-wg@gridforum.org
Subject: Re: [ggf-ogsa-sec-wg] GGF7 BOF REQUEST - OGSA Firewall
Interoperability WG
Krishna,
I'm not sure what's specific to OGSA about firewall traversal, so I
suggest that you start by having someone report on the various
firewall-friendly and firewall-traversal activities in the IETF, notably
MIDCOM. The initial emphasis there is on SIP traversal, but the
intention is much more general.
Brian
Krishna Sankar wrote:
>
> FYI. Don't know if we will get the BOF. Would appreciate comments and
> insight.
>
> Once again, pardon me for the spam - am not sure if the membership on
> security-wg and ogsa-sec-wg intersect or if one is a subset of the
> other.
>
> cheers
>
> -----Original Message-----
> From: Krishna Sankar [mailto:ksankar@cisco.com]
> Sent: Monday, February 10, 2003 5:14 PM
> To: 'humphrey@cs.virginia.edu'; 'tuecke@mcs.anl.gov'
> Cc: 'wejohnston@lbl.gov'; 'mulmo@pdc.kth.se'; 'Dane D. Skow'
> Subject: GGF7 BOF REQUEST - OGSA Firewall Interoperability WG
>
> Title : OGSA Firewall Interoperability WG
> -------
>
> Synopsis:
> ---------
>
> The OGSA Firewall Interoperability specification has been
> identified as one of the specifications required by the OGSA SEC
> Roadmap. The discussions at this BOF would revolve around forming a wg
> to develop the specification.
>
> The issues are not just interoperability but just operability
> in an enterprise environment ! The corporate infosec review of a grid
> implementation needs to be addressed, the threats and vulnerabilities
> of grid in the organization's perimeter need to be articulated and
> risk mitigations need to be detailed.
>
> The initial thoughts are, we would need to address the
> following topics in this wg.
>
> a) Firewall traversal,
> b) Authenticating Firewall and
> c) Infosec issues on deploying grid
> d) The relevance of WS-XXXXX proposals in this effort
>
> We could position the OGSA Firewall Interoperability layer as
> one of the secure road way of the grid technology into enterprises.
> But we need to articulate crisply the mechanisms, protocols, threats,
> vulnerabilities and solutions.
>
> The road map document says "WS specifications that can
> potentially be leveraged are WS-Routing, WS-Referral and WS-Policy.
> [WS_ROUTING, WS-REFERRAL, WS-POLICY]". We need to take a look at the
> current state of these proposals (am not sure the WS-REFERRAL is alive
> anymore) and other related proposals - most probably WS-SECURITY and
> WS-SECURITY-POLICY would be relevant here.
>
> Other interested parties :
> --------------------------
>
> Have contacted William Johnson from LBNL/Berkeley. He had a
> good presentation on the security issues of a grid deployment. He has
> replied expressing limited interest.
>
> Cheers
> ------------------------------------------------------------
> | | Krishna Sankar
> :|: :|: Distinguished Engineer
> :|||: :|||:
> ..:|||||||:..:|||||||:.. (Ph) 408-853-8475
> Cisco Systems Inc ksankar@cisco.com
> ------------------------------------------------------------
> "None of us is as smart as all of us"
> ------------------------------------------------------------