Matt,
You bring up a good point.
From my perspective, I was looking at the firewall as a function in a more
abstract way. This function could be deployed as part of the
stack/middleware (on the same host) or as an independent entity (as a
mid-box), and multiple such functions might need to be traversed. So even
though issues/solutions might be similar, I agree that we still need to
explicitly discuss these issues as related to different deployment
use-cases. Creating a generic reference diagram capturing the various
use-cases will be useful as part of the first document within the WG.
Inder
-----Original Message-----
From: owner-security-area(a)ggf.org [mailto:owner-security-area@ggf.org]
Sent: Monday, December 20, 2004 12:08 PM
To: security-area(a)ggf.org
Subject: Re: [security-area] FIG WG charter proposal
Some grid resources operate at speeds beyond the range of current
choke-point firewalls. I would like to see explicit mention in the
charter of attention to the case where the firewall function is
integral to the host. There may still be interaction with an external
policy-control service for approval of rule changes.
Matt Crawford <crawdad(a)fnal.gov>
Fermilab Computer Security Coordinator