|
»
« Return to Thread: Draft Spiral 1 Security Design Report
Re: Draft Spiral 1 Security Design Report
by Schwab, Stephen
::
Rate this Message:
Agreed -- both good points to address. Keep in mind that with limited
time, we've got to focus on some aspects while deferring other aspects
of the security architecture into subsequent months and years of work.
The backlog of things to work out on paper is large.
--Steve
-----Original Message-----
From: Heidi Picher Dempsey [mailto:hdempsey@...]
Sent: Wednesday, March 04, 2009 8:27 AM
To: Bon sy
Cc: omis-wg@...
Subject: Re: [omis-wg] Draft Spiral 1 Security Design Report
On Mar 3, 2009, at 12:01 PM, Bon sy wrote:
> Hi
> I just finished the first read of the report. Thanks for the
> effort!
>
> I have two high level questions:
>
> First, I am curious why there is no discussion on the accounting
> aspect;
> the third "A" in AAA (Authentication, Authorization, and
> Accounting). I
> would think some level of discussion on accounting would be
> necessary if
> we are to provide meaningful audit and forensic analysis as
> mentioned in
> the report. I would also think that accounting information may be
> useful
> for providing some guidance on how to approach isolation on
> experimentations.
This is worth discussing more on the list. At a high level, we expect
the aggregates to be doing much of what would normally be considered
accounting. But you are right that there will be some records kept
that could be considered accounting records. This overlaps with the
data sharing document the GMOC team is drafting as well.
>
>
> Second, should the privacy discussion be part of the security
> design? From
> the security perspective, what would be logged for accounting/audit
> and
> how the data/information may be provided for consumption and analysis
> seems to me an important aspect in the security design.
I agree. This is also an overlap with the GMOC document, and it is a
very important area.
I'd like to see Steve Schwab and Jon Paul Herron's high-level
responses to this group.
Thanks for taking the time to evaluate and discuss this Bon!
>
>
> Thanks again on the effort for the report and sharing.
>
> Bon
>
>
>
>
> On Mon, 2 Mar 2009, Heidi Picher Dempsey wrote:
>
>> Please take a look at the draft report on the GENI wiki:
>>
>>http://groups.geni.net/geni/attachment/wiki/GENISecurity/GENI-SEC-ARCH-0
.3.doc
>> .
>>
>> The goal of this draft is to help guide and coordinate GENI
>> prototyping teams, as well as other projects or people interested in
>> joining or using GENI. A secondary goal of the document is to start
>> discussions about security topics that are unclear or controversial
>> as
>> currently approached in Spiral 1. The project team expects to revise
>> the document periodically, based on feedback from these discussions.
>> Please post comments to this list. We will be discussing this topic
>> at the OMIS working group meeting at GEC4.
>>
>>
>>
>> _______________________________________________
>> omis-wg mailing list
>> omis-wg@...
>> http://lists.geni.net/mailman/listinfo/omis-wg
>>
>
> _______________________________________________
> omis-wg mailing list
> omis-wg@...
> http://lists.geni.net/mailman/listinfo/omis-wg
_______________________________________________
omis-wg mailing list
omis-wg@...
http://lists.geni.net/mailman/listinfo/omis-wg
_______________________________________________
omis-wg mailing list
omis-wg@...
http://lists.geni.net/mailman/listinfo/omis-wg
time, we've got to focus on some aspects while deferring other aspects
of the security architecture into subsequent months and years of work.
The backlog of things to work out on paper is large.
--Steve
-----Original Message-----
From: Heidi Picher Dempsey [mailto:hdempsey@...]
Sent: Wednesday, March 04, 2009 8:27 AM
To: Bon sy
Cc: omis-wg@...
Subject: Re: [omis-wg] Draft Spiral 1 Security Design Report
On Mar 3, 2009, at 12:01 PM, Bon sy wrote:
> Hi
> I just finished the first read of the report. Thanks for the
> effort!
>
> I have two high level questions:
>
> First, I am curious why there is no discussion on the accounting
> aspect;
> the third "A" in AAA (Authentication, Authorization, and
> Accounting). I
> would think some level of discussion on accounting would be
> necessary if
> we are to provide meaningful audit and forensic analysis as
> mentioned in
> the report. I would also think that accounting information may be
> useful
> for providing some guidance on how to approach isolation on
> experimentations.
This is worth discussing more on the list. At a high level, we expect
the aggregates to be doing much of what would normally be considered
accounting. But you are right that there will be some records kept
that could be considered accounting records. This overlaps with the
data sharing document the GMOC team is drafting as well.
>
>
> Second, should the privacy discussion be part of the security
> design? From
> the security perspective, what would be logged for accounting/audit
> and
> how the data/information may be provided for consumption and analysis
> seems to me an important aspect in the security design.
I agree. This is also an overlap with the GMOC document, and it is a
very important area.
I'd like to see Steve Schwab and Jon Paul Herron's high-level
responses to this group.
Thanks for taking the time to evaluate and discuss this Bon!
>
>
> Thanks again on the effort for the report and sharing.
>
> Bon
>
>
>
>
> On Mon, 2 Mar 2009, Heidi Picher Dempsey wrote:
>
>> Please take a look at the draft report on the GENI wiki:
>>
>>
.3.doc
>> .
>>
>> The goal of this draft is to help guide and coordinate GENI
>> prototyping teams, as well as other projects or people interested in
>> joining or using GENI. A secondary goal of the document is to start
>> discussions about security topics that are unclear or controversial
>> as
>> currently approached in Spiral 1. The project team expects to revise
>> the document periodically, based on feedback from these discussions.
>> Please post comments to this list. We will be discussing this topic
>> at the OMIS working group meeting at GEC4.
>>
>>
>>
>> _______________________________________________
>> omis-wg mailing list
>> omis-wg@...
>> http://lists.geni.net/mailman/listinfo/omis-wg
>>
>
> _______________________________________________
> omis-wg mailing list
> omis-wg@...
> http://lists.geni.net/mailman/listinfo/omis-wg
_______________________________________________
omis-wg mailing list
omis-wg@...
http://lists.geni.net/mailman/listinfo/omis-wg
_______________________________________________
omis-wg mailing list
omis-wg@...
http://lists.geni.net/mailman/listinfo/omis-wg
« Return to Thread: Draft Spiral 1 Security Design Report
| Free embeddable forum powered by Nabble | Forum Help |
