Draft Spiral 1 Security Design Report


Draft Spiral 1 Security Design Report

by Heidi Picher Dempsey

Please take a look at the draft report on the GENI wiki:

http://groups.geni.net/geni/attachment/wiki/GENISecurity/GENI-SEC-ARCH-0.3.doc 
.

The goal of this draft is to help guide and coordinate GENI  
prototyping teams, as well as other projects or people interested in  
joining or using GENI.  A secondary goal of the document is to start  
discussions about security topics that are unclear or controversial as  
currently approached in Spiral 1.  The project team expects to revise  
the document periodically, based on feedback from these discussions.  
Please post comments to this list.  We will be discussing this topic  
at the OMIS working group meeting at GEC4.



_______________________________________________
omis-wg mailing list
omis-wg@...
http://lists.geni.net/mailman/listinfo/omis-wg

Re: Draft Spiral 1 Security Design Report

by Bon sy-2

Hi
  I just finished the first read of the report. Thanks for the
effort!

  I have two high level questions:

First, I am curious why there is no discussion on the accounting aspect;
the third "A" in AAA (Authentication, Authorization, and Accounting). I
would think some level of discussion on accounting would be necessary if
we are to provide meaningful audit and forensic analysis as mentioned in
the report. I would also think that accounting information may be useful
for providing some guidance on how to approach isolation on experimentations.

Second, should the privacy discussion be part of the security design? From
the security perspective, what would be logged for accounting/audit and
how the data/information may be provided for consumption and analysis
seems to me an important aspect in the security design.

  Thanks again on the effort for the report and sharing.

Bon




On Mon, 2 Mar 2009, Heidi Picher Dempsey wrote:

> Please take a look at the draft report on the GENI wiki:
>
> http://groups.geni.net/geni/attachment/wiki/GENISecurity/GENI-SEC-ARCH-0.3.doc
> .
>
> The goal of this draft is to help guide and coordinate GENI
> prototyping teams, as well as other projects or people interested in
> joining or using GENI.  A secondary goal of the document is to start
> discussions about security topics that are unclear or controversial as
> currently approached in Spiral 1.  The project team expects to revise
> the document periodically, based on feedback from these discussions.
> Please post comments to this list.  We will be discussing this topic
> at the OMIS working group meeting at GEC4.

Re: Draft Spiral 1 Security Design Report

by Heidi Picher Dempsey-2


On Mar 3, 2009, at 12:01 PM, Bon sy wrote:

> Hi
> I just finished the first read of the report. Thanks for the
> effort!
>
> I have two high level questions:
>
> First, I am curious why there is no discussion on the accounting aspect;
> the third "A" in AAA (Authentication, Authorization, and Accounting). I
> would think some level of discussion on accounting would be necessary if
> we are to provide meaningful audit and forensic analysis as mentioned in
> the report. I would also think that accounting information may be useful
> for providing some guidance on how to approach isolation on experimentations.

This is worth discussing more on the list. At a high level, we expect
the aggregates to be doing much of what would normally be considered
accounting. But you are right that there will be some records kept
that could be considered accounting records. This overlaps with the
data sharing document the GMOC team is drafting as well.

>
>
> Second, should the privacy discussion be part of the security design? From
> the security perspective, what would be logged for accounting/audit and
> how the data/information may be provided for consumption and analysis
> seems to me an important aspect in the security design.

I agree.  This is also an overlap with the GMOC document, and it is a  
very important area.

I'd like to see Steve Schwab and Jon Paul Herron's high-level  
responses to this group.

Thanks for taking the time to evaluate and discuss this, Bon!

>
>
> Thanks again on the effort for the report and sharing.
>
> Bon

Re: Draft Spiral 1 Security Design Report

by Schwab, Stephen

Agreed -- both good points to address.  Keep in mind that with limited
time, we've got to focus on some aspects while deferring other aspects
of the security architecture into subsequent months and years of work.
The backlog of things to work out on paper is large.

--Steve

-----Original Message-----
From: Heidi Picher Dempsey [mailto:hdempsey@...]
Sent: Wednesday, March 04, 2009 8:27 AM
To: Bon sy
Cc: omis-wg@...
Subject: Re: [omis-wg] Draft Spiral 1 Security Design Report

