OGF20-FIRG.ppt

Presentation Transcript

  • Firewall Issues Research Group OGF 20 - Manchester, UK - May 9 2007. Chairs: Inder Monga, Ralph Niederberger, Leon Gommans
  • Agenda
    • IPR notice & signup sheet
    • Agenda bashing and FNT
    • Welcome - Ralph Niederberger
    • Work Status - Leon Gommans
    • Progress on document #2 - Thijs Metch
    • Interaction Data Management Tools - Gian Luca Volpato
    • gridftp charter item - Ralph Niederberger
  • FI-RG Goals
    • Study barriers and propose solutions to inter-organization grid deployment due to mid-boxes managed by varied administrative domains
      • Firewalls
      • NATs
      • VPN gateways
      • Application-level gateways …
    • Collect use-cases, classify issues, existing and new solutions, gap-analysis, research...
    • Enthuse standards, explore grid-friendly solutions and influence vendor implementations
  • Group Progress vs Charter
    • An inventory of the type of issues when Grid jobs have to deal with middle-box functions, application level gateways, VPN style gateways, etc. Describe and classify the issues in document #1
      • Published as GFD-I.083
    • An evaluation of existing middle-box (signaling-) protocols and functions. Recognize possible limitations and produce a list of requirements
      • What is the deployment story? Reasons why these are not well deployed
      • Formal document started, soliciting more contributions.
    • An evaluation of approaches and solutions such as application level gateways, host based firewalls, VPN style gateways etc.
      • Intent is to apply solutions to use-cases and do a “gap-analysis”
  • Document Relationships [diagram; labels: Grid Firewall Issues & Analyses; Grid community; Existing Solutions Description & Analyses; Emerging New Solutions Description & Analyses; Document #1; Documents 2&3; Vendor Community; Research & Vendor Community]
  • Group Milestones
    • GGF13: Charter discussion and group volunteers (done).
    • GGF14: Collection of existing documents with Group discussions (done)
    • GGF15: First draft of document #1 and Group discussions. (done)
    • GGF 16: RG-last call and submission of document #1.
    • GGF 17: RG last-call for use-cases document. Discussion on solutions document. (done)
    • GGF 18: Submit use-case document for public comment. Form and initiate solutions draft team (done)
    • OGF 19: Use-cases document published. Continue discussions and contributions to solutions draft
    • OGF 20: First draft of solutions and requirements draft
    • OGF21: Finalize solutions for public comment, initiate gap analysis and standardization opportunities
    • OGF 22: Publish solutions drafts, Gap analysis between standards and solution requirements
    • OGF 23: Publish gap analysis and start standardization activity (in OGF or other)
  • Current recognition
    • Grid applications, their administrators and their user groups have to deal with security services not under their direct control (e.g. the firewall)
    • Multiple solutions providing dynamic firewall brokering have been proposed and implemented in the research community, such as:
      • CODO - Cooperative On-Demand Opening (UoW/ANL)
      • Dyna-fire - Port knocking (U at Buffalo)
      • Token mechanisms for Optical connections (UvA)
      • See the FI-RG Wiki pages for more details
    • Will firewalls move to one implementation model even if standardized?
      • At least not in the next 3 years
  • Solution Approach
    • Separate firewall requirements from firewall control mechanisms, i.e. make the firewall simple and put complexity outside.
    • Abstract the dynamic nature and security considerations into service access methods using either a provisioning approach or signaling approach.
  • Be pragmatic
    • Look at existing grid tools and make them work with firewalls where “it hurts most”, i.e.:
      • gridftp: should it be able to securely interact with a chain of firewalls?
        • work on experimental version within the context of the FI-RG, or
        • create separate WG charter?
  • Contribute
    • Mailing list: [email_address] .org
    • Projects page: https://forge.gridforum.org/sf/projects/fi-rg
    • Contacts:
      • Leon Gommans: [email_address]
      • Inder Monga: [email_address] .com
      • Ralph Niederberger: [email_address]