|
»
« Return to Thread: Draft Spiral 1 Security Design Report
Re: Draft Spiral 1 Security Design Report
by Bon sy-2
::
Rate this Message:
Hi
I just finished the first read of the report. Thanks for the
effort!
I have two high level questions:
First, I am curious why there is no discussion on the accounting aspect;
the third "A" in AAA (Authentication, Authorization, and Accounting). I
would think some level of discussion on accounting would be necessary if
we are to provide meaningful audit and forensic analysis as mentioned in
the report. I would also think that accounting information may be useful
for providing some guidance on how to approach isolation on experimentations.
Second, should the privacy discussion be part of the security design? From
the security perspective, what would be logged for accounting/audit and
how the data/information may be provided for consumption and analysis
seems to me an important aspect in the security design.
Thanks again on the effort for the report and sharing.
Bon
On Mon, 2 Mar 2009, Heidi Picher Dempsey wrote:
> Please take a look at the draft report on the GENI wiki:
>
> http://groups.geni.net/geni/attachment/wiki/GENISecurity/GENI-SEC-ARCH-0.3.doc
> .
>
> The goal of this draft is to help guide and coordinate GENI
> prototyping teams, as well as other projects or people interested in
> joining or using GENI. A secondary goal of the document is to start
> discussions about security topics that are unclear or controversial as
> currently approached in Spiral 1. The project team expects to revise
> the document periodically, based on feedback from these discussions.
> Please post comments to this list. We will be discussing this topic
> at the OMIS working group meeting at GEC4.
>
>
>
> _______________________________________________
> omis-wg mailing list
> omis-wg@...
> http://lists.geni.net/mailman/listinfo/omis-wg
>
_______________________________________________
omis-wg mailing list
omis-wg@...
http://lists.geni.net/mailman/listinfo/omis-wg
I just finished the first read of the report. Thanks for the
effort!
I have two high level questions:
First, I am curious why there is no discussion on the accounting aspect;
the third "A" in AAA (Authentication, Authorization, and Accounting). I
would think some level of discussion on accounting would be necessary if
we are to provide meaningful audit and forensic analysis as mentioned in
the report. I would also think that accounting information may be useful
for providing some guidance on how to approach isolation on experimentations.
Second, should the privacy discussion be part of the security design? From
the security perspective, what would be logged for accounting/audit and
how the data/information may be provided for consumption and analysis
seems to me an important aspect in the security design.
Thanks again on the effort for the report and sharing.
Bon
On Mon, 2 Mar 2009, Heidi Picher Dempsey wrote:
> Please take a look at the draft report on the GENI wiki:
>
> http://groups.geni.net/geni/attachment/wiki/GENISecurity/GENI-SEC-ARCH-0.3.doc
> .
>
> The goal of this draft is to help guide and coordinate GENI
> prototyping teams, as well as other projects or people interested in
> joining or using GENI. A secondary goal of the document is to start
> discussions about security topics that are unclear or controversial as
> currently approached in Spiral 1. The project team expects to revise
> the document periodically, based on feedback from these discussions.
> Please post comments to this list. We will be discussing this topic
> at the OMIS working group meeting at GEC4.
>
>
>
> _______________________________________________
> omis-wg mailing list
> omis-wg@...
> http://lists.geni.net/mailman/listinfo/omis-wg
>
_______________________________________________
omis-wg mailing list
omis-wg@...
http://lists.geni.net/mailman/listinfo/omis-wg
« Return to Thread: Draft Spiral 1 Security Design Report
| Free embeddable forum powered by Nabble | Forum Help |
