Matt,

You bring up a good point.

From my perspective, I was looking at the firewall as a function in a more abstract way. This function could be deployed as part of the stack/middleware (on the same host) or as an independent entity (as a mid-box), and multiple such functions might need to be traversed. So even though issues/solutions might be similar, I agree that we still need to explicitly discuss these issues as related to different deployment use-cases. Creating a generic reference diagram capturing the various use-cases will be useful as part of the first document within the WG.

Inder


-----Original Message-----
From: owner-security-area@ggf.org [mailto:owner-security-area@ggf.org]
Sent: Monday, December 20, 2004 12:08 PM
To: security-area@ggf.org
Subject: Re: [security-area] FIG WG charter proposal


Some grid resources operate at speeds beyond the range of current
choke-point firewalls.  I would like to see explicit mention in the
charter of attention to the case where the firewall function is
integral to the host.  There may still be interaction with an external
policy-control service for approval of rule changes.

                 Matt Crawford   <crawdad@fnal.gov>
                 Fermilab Computer Security Coordinator