[fi-rg] GGF14 and call tomorrow

[Inder Monga]

Thanks Ralph!
 
June is the right date :) I am getting ahead of myself.
 
Please let Leon or me know if you are going to join tomorrow so we can make
sure there are enough ports on the bridge.
 
Inder

-----Original Message-----
From: owner-fi-rg at ggf.org [mailto:owner-fi-rg at ggf.org] On Behalf Of Ralph
Niederberger
Sent: Monday, June 20, 2005 3:45 AM
To: Fi-rg at ggf.org
Subject: Re: [fi-rg] FW: [security-area] Input for GGF-14


hello,

unfortunately I will be out of office at Tuesday, June 21th  (btw. you meant
June not July I think (;-) ).
 
Nevertheless I also think that the structure is ok. The subsection
concerning "list of possible solution" Thijs mentioned I think is already
included or can be included into the Classification chapter, where we
segment grid applications known to "firewall devices" available and where we
should have a section 'Applications not solved by current "firewall devices"
on the market'. 
 
I could contribute with a chapter on high speed firewalls and loadbalancing
firewalls available today. 

I will be available in Chicago at GGF14.
 
And here is a little bit input for things to be considered:

"Most sites secure their common external network connections by conventional
firewalls. Current policies allow grid applications to traverse these
firewalls by specifying access lists opening special ports or port ranges.
Often application gateways are used also.Using application level gateways
provides a way to minimize administrative activities configuring firewalls
by automating routine work. They fail where high performance data
connections are needed. Most of the currently available firewall systems
cannot be used, if applications want to transfer data at gigabit or
multi-gigabit per second speed. Application level firewalls will hinder
transmissions in those scenarios.

Dynamic firewalls provide a way for automatic configuration through a
management instance. Human interaction leading to delayed execution of
configuration will be avoided. Special protocols for authentication and
authorization are under development currently. Nevertheless,  these dynamic
firewalls cannot deal with high bandwidth demands.

High speed firewalls, load balancing firewalls, firewall farms, and
alternative firewall concepts are on the way. Currently available new
firewall systems allow data transfers up to 10 Gb/s, but are not able to
handle multiple 10 Gb/s connections. Load balancing firewalls are helpful
having a huge amount of small data streams, but cannot cope with a single
high bandwidth data communication or special traffic classes. New firewall
paradigms have to be developed in the future dealing with such scenarios. It
will be of main interest to foster such developments giving input to the
designers what high speed applications really need, how they are designed
and how they should interact with these firewall resources." 

Regards

Ralph

**************************************************
 
 Ralph Niederberger          
 
 Research Center Juelich
 Central Institute for Applied Mathematics
 John von Neumann Institute for Computing
 D-52425 Juelich
 
 Forschungszentrum Jülich GmbH
 Zentralinstitut für Angewandte Mathematik
 John von Neumann Institut für Computing
 D-52425 Jülich
 
 Tel.: +49 2461 61 4772                    
 E-Mail: R.Niederberger at fz-juelich.de <mailto:R.Niederberger at fz-juelich.de> 
 


----- Original Message ----- 
From: Inder Monga <mailto:imonga at nortel.com>  
To: 'Fi-rg at ggf.org' <mailto:'Fi-rg at ggf.org'>  
Cc: 'Leon Gommans' <mailto:lgommans at science.uva.nl>  
Sent: Friday, June 17, 2005 7:57 PM
Subject: [fi-rg] FW: [security-area] Input for GGF-14


Hi All, 

Thanks for the interest shown to join the FI-RG project group. 

This is a follow-up to the request Leon sent before on the write-ups before
the upcoming GGF meeting. Leon and I are proposing a 1 hour telecon next
week to sync up and stir up conversations before the GGF so that the f2f
meeting in Chicago is even more productive.

The agenda for the meeting would be: 
1. Introduction/comments on charter                             10 mts 
2. Agenda for the upcoming GGF Meeting 
        Discuss ideas for contributions/presentations           20 minutes 
3. Discussion on the scope and structure of Document #1         20 minutes 

The proposed date/time is Tue, July 21st at 15:00 UST, 11AM EST, 8 AM PST,
17:00 CEST. 
The telecon bridge details are: 

PSTN Dial-in: 919-997-8152 
Access Code: 2488101# 

Please let Leon or me know your availability, comments on the proposed
agenda.. 

Best regards, 
Inder 


-----Original Message----- 
From: owner-security-area at ggf.org [mailto:owner-security-area at ggf.org
<mailto:owner-security-area at ggf.org> ] On Behalf Of Leon Gommans 
Sent: Friday, June 03, 2005 3:41 AM 
To: fi-rg at ggf.org 
Cc: security-area at ggf.org 
Subject: [security-area] Input for GGF-14 


GGF-14 is approaching fast. It took us some time and 
further discussions to get the charter approved by the GFSG however
everything is now arranged. The mailing list and gridforge
(https://forge.gridforum.org/projects/fi-rg
<https://forge.gridforum.org/projects/fi-rg> ) has now been setup for the
group. We still need to be listed on the index pages on the GGF web, however
this is being looked at.

If you like to contribute to our group, please send Inder Monga 
(imonga at nortel.com) a memo so he can add you to our project. 

Before GGF-14 I like to have some structure on the first chartered document.
This document should address the type of issues the grid experiences with
several types of firewall-style devices.

A possible structure of the document could be: 

Name: Firewall Issues list and classification. 

1. Introduction. 
2. Definitions. 
Definition of terms used in the document. 
3. Devices. 
Listing and describing the functionalities of various firewall-style devices
to be considered. 4. Issues. Listing and describing the types of issues with
examples grid applications see with using devices listed in chapter 3. This
chapter may do this 

arranged by 
example. A structure will be analysed in chapter 5. 
5. Classification. 
A classification and analsyses of the issues described. 
6. Conclusions. 

Please feel free to comment on the name of the document and above structure.


If you consider the charter, subsequent documents will analyse various 
standards and 
mechanisms, define shortcommings and maybe solutions. First we look at 
IETF protocols 
and architectures. Another document will consider the other mechanisms. 

Please consider sending me a few lines on the issues you think a important
to be covered in this document.  Consider this as input to chapters 3 and 4.
Together with the input presented at the last GGF we should try to put some
already meat on this document before GGF14.

Kind regards .. Leon Gommans. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.ogf.org/pipermail/fi-rg/attachments/20050620/f3bcd833/attachment.html