Re: [Nsaas] Reply: Existing work, other things

Linda Dunbar <linda.dunbar@huawei.com> Tue, 12 August 2014 15:56 UTC

From: Linda Dunbar <linda.dunbar@huawei.com>
To: Melinda Shore <melinda.shore@gmail.com>, Zongning <zongning@huawei.com>, "nsaas@ietf.org" <nsaas@ietf.org>
Date: Tue, 12 Aug 2014 15:56:19 +0000

Melinda, 

You have brought up a very important aspect of NSaaS that needs to be addressed. 

OpenStack completed the Firewall as a Service project and specified the set of APIs for Firewall services: http://docs.openstack.org/admin-guide-cloud/content/fwaas_api_abstractions.html

OpenStack has also defined the APIs for managing Security Groups: http://docs.openstack.org/admin-guide-cloud/content/securitygroup_api_abstractions.html. 

In addition, there is "Security as a Service" by the Cloud Security Alliance (CSA): https://cloudsecurityalliance.org/research/secaas/#_get-involved
SaaS by CSA is at the initial stage of defining the scope of work.

As OpenStack is an open source community, its contributions are like IETF's individual submissions. While IETF's individual submissions require some level of expert review before an RFC can be published, OpenStack doesn't have this system. Basically, it is not required to have validation of the correctness and completeness of the submissions.

As a result, the attributes defined by OpenStack Firewall/Security as a Service are very primitive, e.g. they only say "firewall rules" without explicit specification of what. In addition,

One of the goals of NSaaS in IETF is to create a productive eco-system with OpenStack and other Open Source communities, with IETF defining specifications/protocols, Open Source communities contributing source code based on IETF initial specifications (potentially with enhancement), which in turn augment IETF specification, and then back to Open Source communities. 

The NSaaS can start with the OpenStack-defined interfaces, and move on to make them more complete and usable.
 


Linda


-----Original Message-----
From: Nsaas [mailto:nsaas-bounces@ietf.org] On Behalf Of Melinda Shore
Sent: Monday, August 11, 2014 10:01 PM
To: Zongning; nsaas@ietf.org
Subject: Re: [Nsaas] Reply: Existing work, other things

On 8/11/14 6:45 PM, Zongning wrote:
> I agree that clearly listing existing work in IETF and making a check 
> list on gap would be very helpful for this initiative.

I think that what really needs to be addressed is that these previous efforts have been unsuccessful.  If the OpenStack project is seeing uptake, that's a big deal.

Melinda

