[security-area] FI-RG charter

Leon Gommans lgommans at science.uva.nl
Fri May 13 08:30:15 CDT 2005


Just to inform you: the charter below is now with our ADs as the final
charter proposal for the firewall issues research group after
comments of GGF13 have been considered.

Our ADs are taking this charter to the GFSG.

-----

Firewall Issues Research Group (FI-RG).

Chairs: Leon Gommans, Inder Monga

Area Directors: Olle Mulmo, Dane Skow

Mailing list: (requested as) fi-rg at ggf.org

Description of Work:

Grids increasingly require application driven transport privileges from the
network. As such, the network is asked to enforce policy decisions on behalf
of various entities participating in an application. For this purpose, the
network employs functions such as firewalls, network address translators,
application level gateways, VPN style gateways etc.

The research group will first document the type of issues that Grid
applications experience when the need arises to control data transport
policy enforcement devices. Some examples are highlighted in GFD.37. Once
the types of issues have been identified, the group will relate these
issues to specific categories of enforcement devices.

The first group of devices falls into the category the IETF refers to as
"middle-boxes". The group will deliver a document that will analyze and
categorize scenarios using existing IETF protocols, architectures and
frameworks. The analyses will also try to identify functionalities for
which the current state of technology appears not to provide solutions
for the Grid.

The work to be considered includes the work of the following IETF groups:

* midcom - "middlebox" communication:
http://www.ietf.org/html.charters/midcom-charter.html
* aft - Authenticated Firewall Traversal:
http://www.ietf.org/html.charters/aft-charter.html
* nsis - Next Steps in Signaling:
http://www.ietf.org/html.charters/nsis-charter.html

Subsequent areas of research will include the description and evaluation
of the categories of devices below:

* Application Level Gateways.
* Host based firewall functions.
* VPN style gateways.

Existing documents from the grid community will be used as a starting point.
Relevant output of this Research Group will be brought to the attention
of the IETF via the GGF liaison to the IETF.

Goals and Milestones:

Submit informational documents that describe:

1) An inventory of the type of issues when Grid jobs have to
deal with middle-box functions, application level gateways,
VPN style gateways, etc.
Describe and classify the issues in document #1

2) An evaluation of existing IETF middle-box (signaling-)
protocols and functions. Recognize possible limitations and
produce a list of requirements towards the IETF in document #2

3) An evaluation of approaches and solutions such as application
level gateways, host based firewalls, VPN style gateways etc.
Capture results in document #3

GGF13: Charter discussion and group volunteers (done).
GGF14: Collection of existing documents with Group discussions
GGF15: First draft of document #1 and Group discussions.
GGF16: WG-last call and submission of document #1.
Draft of document #2 and group discussions
GGF17: WG last-call and final submission of document #2.
GGF18: Draft document #3 and group discussions.
GGF19: 2nd draft of document #3 with group discussions.
GGF20: WG last-call and final submission of document #3.




