
Thanks to everyone who came to the session and for the engaging discussion. The slides presented and the charter have been uploaded to the OGF site: http://www.ogf.org/gf/event_schedule/index.php?id=1296
Please feel free to send comments over email or to the mailing lists.
Inder
_____________________________________________
From: Monga, Inder (BL60:418)
Sent: Monday, June 02, 2008 7:34 AM
To: security-area@ogf.org; ghpn-wg@ogf.org; fi-rg@ogf.org
Subject: Firewall Virtualization BOF: Monday evening
Hi All,
We would like your support for the Firewall Virtualization for Grid Applications Working Group BOF.
A common complaint we hear is that the firewall configurations to connect two new sites take a long time to negotiate and make happen. After the application/experiment between the two sites is completed, in many cases the ports stay open. By virtualizing the firewall and providing a set of grid services, we believe that the problems/manual administrative tasks facing multi-site grid installations and dynamic VO formations can be simplified dramatically. By integrating within the Grid services, we can leverage the security infrastructure for Grid Applications, ensuring that the dynamic, automated firewall port opening is fully authorized and authenticated, both from the user and application perspective.
The BOF has been organized to seek your support in defining the set of virtualized services that can integrate any legacy firewall into the grid infrastructure. This virtualization, though very useful for grid applications, can be leveraged by other applications in the enterprise as well under proper security considerations.
The three documents we hope to work on within the group are:
1. A standard set of service definitions that provide an abstract interface for an authorized grid application to specify its data-path traversal requirements.
2. A set of security recommendations surrounding the application interacting with the Firewall service at the control and data plane including AAA of the service requests
3. A best practices document for the network-administrator and a grid-administrator to understand the architecture and security implications of this deployment
The proposed detailed BOF charter and plan are attached as a Word document.
<< File: Charter_FVGA.doc >>
Thanks,
Ralph and Inder
Co-chairs, Firewall Issues Research Group