[Nea] NEA BOF Request

"Stephen Hanna" <shanna@juniper.net> Tue, 23 May 2006 01:19 UTC

Date: Mon, 22 May 2006 21:19:04 -0400
From: Stephen Hanna <shanna@juniper.net>
To: agenda@ietf.org
Cc: nea@ietf.org, housley@vigilsec.com
Subject: [Nea] NEA BOF Request

This is a request on behalf of the Network Endpoint 
Assessment (NEA) mailing list to have a BOF session
at IETF 66 in the Security area. The members of the
NEA mailing list have revised the proposed WG charter
in response to feedback received at our last BOF at
IETF 65. We have reached rough consensus for the
charter below and a design team has started work on
our requirements document. A draft is almost ready.

The primary focus of this BOF will be to confirm the
consensus on the charter with a broader audience.

The latest requirements and problem statement documents
will be submitted as Internet Drafts this evening and
should appear in the repository soon.

Thanks,

Steve Hanna
Susan Thomson

-------------------------

BOF name: Network Endpoint Assessment (NEA)
Area: Security Area
Chair Names:
  Steve Hanna <shanna@juniper.net>, Susan Thomson <sethomso@cisco.com>
Conflicts: EMU WG, EAP WG, TLS WG, RADEXT WG, SAAG, PANA
Expected Attendance: 100
Number of sessions: 1
Length of session: 2 hours
email list: nea@ietf.org

Draft Agenda:
  see below

Proposed WG Charter:
  see below

------------

Network Endpoint Assessment (NEA) BOF Draft Agenda
 
Agenda Bashing (5 minutes)
Discuss and Agree on NEA Charter (115 minutes)

At IETF 65, an NEA BOF was held. Several things were clear:

1) This is important work. Many people spoke about this.

2) We need clear interoperability goals.

3) We should standardize at least a minimal set of
   posture attributes to allow any client and server
   to have some interoperability.

4) PA and PB should be transport independent.

5) We should not spend too much time on requirements.

Since then, the members of the NEA mailing list have revised
the proposed WG charter in response to this feedback. We have
reached rough consensus on the charter below and a design team
has started work on the requirements document. A draft is ready.

The focus of the NEA BOF at IETF 66 will be to confirm the
consensus on the revised charter with a broader audience
and resolve any issues raised.

NEA BOF participants are expected to have read the documents 
listed below before the BOF meeting. Discussion of these 
documents before the BOF meeting is strongly encouraged.
It will take place on the nea@ietf.org mailing list.

Network Endpoint Assessment (NEA) Problem Statement
draft-thomson-nea-problem-statement-02.txt
(Note that the problem statement will be combined into the
requirements document after the WG charter is approved.)

Requirements for Network Endpoint Access (NEA)
draft-khosravi-nea-requirements-00.txt

Proposed NEA Charter
<See below>

Mailing List
nea@ietf.org
https://www1.ietf.org/mailman/listinfo/nea

--------------------------

Proposed NEA WG Charter

Network Endpoint Assessment (NEA) architectures have been implemented in
the industry to assess the "posture" of endpoint devices for the
purposes of monitoring or enforcing compliance to an organization's
policy for access to the network. Posture refers to the hardware or
software configuration of an endpoint as it pertains to an
organization's security policy. Posture may include knowledge about the
types of hardware and software installed and their configurations, e.g.
OS name and version, application patch levels, and anti-virus signature
file version. On network access, an endpoint with an NEA Client can be
queried for posture information which is validated on an NEA Server as
part of network access control.

Since NEA involves many different components from different vendors,
interoperation between NEA architectures and implementations is highly
desirable. Given that well-established protocols already exist for the
lowest layers in the NEA architectures (such as EAP and RADIUS), the
priority of the NEA working group is to standardize protocols at the
higher layers in the architectures: the Posture Attribute protocol
(PA) and the Posture Broker protocol (PB). When used with the existing
standards for lower layers, these new protocols will allow
interoperability between an NEA Client from one vendor and an NEA
Server from another. PA and PB will be designed to support
a variety of lower layer protocols. In order to achieve eventual
interoperability via EAP, specific requirements for EAP will be
identified.

Since there are already several existing protocols at these higher
layers, the NEA working group will consider these existing protocols
as candidates for standardization. A requirements document will be
written and used as a basis for evaluating the candidate protocols.
The working group may decide to standardize one of the candidate
protocols, use one of them as a basis for a new or revised protocol,
or decide that a new protocol is needed.

The NEA Requirements document will include a problem statement,
definition of terms, requirements for PA, PB, and an overall security
analysis. It will also include requirements for the protocol
transporting PA, PB: the Posture Transport protocol (PT). Specific
requirements for an EAP instantiation of PT will be identified.

PA, the Posture Attribute protocol, consists of posture attributes
that are carried between a particular Posture Collector in an NEA
client and a particular Posture Validator in an NEA Server. The PA
protocol is carried inside the PB protocol. Certain posture attributes
will be standardized to ensure interoperability but vendor-specific
attributes will also be supported.

PB, the Posture Broker protocol, aggregates posture attributes
from one or more Posture Collectors in an NEA client and sends them to
the NEA server for assessment by one or more Posture Validators.

PT, the Posture Transport protocol, is a protocol (or stack of
protocols) suitable for carrying the PB protocol at or after
network connection.

The NEA working group will not work on standardizing protocols other
than PA and PB at this time. Such work will be considered via the
standard rechartering process after the completion of these milestones.

Milestones:

June 2006:
* Submit first version of NEA Requirements I-D

July 2006:
* Agree on charter and milestones at IETF 66

September 2006:
* WG Last Call on NEA Requirements I-D 

October 2006:
* Deadline for submission of candidate specs for PA and PB
* Submit first version of NEA Evaluation I-D 

November 2006:
* At IETF 67, review NEA Evaluation I-D

December 2006:
* WG Last Call on NEA Evaluation I-D

January 2007:
* Submit NEA Requirements I-D and Evaluation I-D to IESG as Info RFC
* Submit first draft of PA and PB specs for review

March 2007:
* Discuss unresolved issues with PA and PB specs at IETF 68
* Agree on solutions to unresolved issues with PA and PB specs

April 2007:
* Submit revised draft of PA and PB specs

June 2007
* WG Last Call on PA and PB specs

July 2007
* Resolve outstanding Last Call comments on requirements I-D at IETF 69

August 2007:
* Submit PA and PB specs to IESG for publication as Proposed
