[Fvga-wg] Meeting minutes of OGF26 FVGA-WG session

Thijs Metsch Thijs.Metsch at Sun.COM
Tue Jun 2 08:56:27 CDT 2009 

Thanks for the minutes! I was about the write some up to...but yours are
perfectly fine!

Cheers,

-Thijs


On Mon, 2009-06-01 at 19:05 +0200, Ralph Niederberger wrote:
> Dear all,
> 
> we had a fruitful discussion at OGF26 FVGA-WG session
> last week.
> 
> Attached you will find the meeting minutes.
> 
> best regards
> 
> Ralph
> 
> 
> plain text document attachment
> (FVGA-WG.OGF26.MeetingMinutes-GroupDiscussions.txt)
> Meeting Minutes OGF26- FVGA-WG 2009-07-28
> =======================================
> 
> The FVGA-WG group discussions meeting at OGF26 had been
> scheduled for Thursday, May 28th 2009 11:00 - 12:30.
> 
> We had 13 attendees which was nearly the normal number of 
> attendees for all infrastructure meetings. 
> 
> The whole conference had 76 attendees only
> (concerning to the participants list at the OGF web page) 
> including one day participants.
> 
> At our WG we followed the proposed agenda which had been:  
> 
> a.) Agenda and Introduction 
> b.) Overview about draft FiTP protocol description
> c.) First comments to draft FiTP protocol 
> d.) How to deal with protocol extension requests 
>      
> 
> All slides can be found at:
> 
>    http://www.ogf.org/gf/event_schedule/index.php?event_id=13
> 
> or alternatively at the gridforge project pages:
> 
>    https://forge.gridforum.org/sf/docman/do/listDocuments/projects.fvga-wg/docman.root.meeting_materials.ogf26_chapelhill
> 
> a.) I provided an overview about our working group, milestones and deliverables
> 
> b.) I presented our first draft description of a protocol for dynamic opening 
>     of ports at firewalls, which is available since beginning of this year 
>     and has been first presented at OGF 25.
>     (see slides and draft protocol description for details)
> 
> c.) Since we sent this draft protocol description to OGF infrastructure and 
>     security area and some further people familiar with those issues, I informed 
>     the attendees of the meeting about the feedback received.
>     Most feedback was positive. Others provided links to other solutions 
>     which they thought could be alternatively used or where people could also be
>     interested in this material or could be interested to help to further 
>     refine our solution.
>     I have shown that all alternate solutions proposed are not applicable to 
>     solve the problems which our solution intends to tackle.
>     (see slides for details).
> 
>     From the audience: "Which benefit could web services get from this solution."
>     Since the proposed protocol would have to be integrated into the client 
>     applications or a wrapper program would have to be used, this question 
>     could not be answered directly.
>     Further research will be needed to clarify, if an integration into web 
>     services would be possible.
> 
>     Further steps:
>        1.) Get in contact with people from IETF NSIS and BEHAVE working group
>     
>        2.) Implementation of a draft client and server program and test against 
>            a Linux-Firewall (iptables based) including software for iptables-firewall 
>            to open ports dynamically (automatically).
>            A simple approach here is a perl script getting packet info from a 
>            wireshark program running on the linux firewall and reconfiguring 
>            iptables when appropriate traffic has been received (scanned).
>     
>     It will be discussed on the mailing list, who is willing to contribute 
>     programming effort and test cases.
> 
> d.) Proposing the draft protocol description in January this year, a first 
>     request for protocol extension has been received. We discussed how to deal 
>     with those requests. On the one hand those extensions could lead to a
>     broader usage of the protocol, since more application could be supported,
>     but on the other hand it makes the simple concept more complex and could
>     lead to decreasing acceptance because of security reasons (i.e. more complex
>     -> more programming errors or increased possibility to crack/hack the code).
>     We decided to keep things simple for the start and wait for acceptance before 
>     including additional features.   
>     (see slides for details).
> _______________________________________________ fvga-wg mailing list fvga-wg at ogf.org http://www.ogf.org/mailman/listinfo/fvga-wg
-- 
Thijs Metsch                        Tel: +49 (0)941 3075-122 (x60122)
http://blogs.sun.com/intheclouds
Software Engineer Grid Computing
Sun Microsystems GmbH
Dr.-Leo-Ritter-Str. 7               mailto:thijs.metsch at sun.com
D-93049 Regensburg                  http://www.sun.com

More information about the fvga-wg mailing list