Re: [Secauth] Please be volunteer to comment--- Summary of Telco on 19 December 2014
Gabriel López <gabilm@um.es> Tue, 13 January 2015 09:24 UTC
Return-Path: <gabilm@um.es>
X-Original-To: secauth@ietfa.amsl.com
Delivered-To: secauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 11A9A1ACCC7 for <secauth@ietfa.amsl.com>; Tue, 13 Jan 2015 01:24:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.187
X-Spam-Level:
X-Spam-Status: No, score=-3.187 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, MIME_HTML_ONLY=0.723, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sbbvXL8bAhQo for <secauth@ietfa.amsl.com>; Tue, 13 Jan 2015 01:24:26 -0800 (PST)
Received: from xenon24.um.es (xenon24.um.es [155.54.212.164]) by ietfa.amsl.com (Postfix) with ESMTP id C76471A8A7E for <secauth@ietf.org>; Tue, 13 Jan 2015 01:24:25 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by xenon24.um.es (Postfix) with ESMTP id 39063102FC for <secauth@ietf.org>; Tue, 13 Jan 2015 10:24:23 +0100 (CET)
X-Virus-Scanned: by antispam in UMU at xenon24.um.es
Received: from xenon24.um.es ([127.0.0.1]) by localhost (xenon24.um.es [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 0b0YxFERo0-o for <secauth@ietf.org>; Tue, 13 Jan 2015 10:24:23 +0100 (CET)
Received: from MacBook-Pro-de-Gabriel-Lopez.local (50.Red-95-120-132.dynamicIP.rima-tde.net [95.120.132.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: gabilm) by xenon24.um.es (Postfix) with ESMTPSA id 701D2FE27 for <secauth@ietf.org>; Tue, 13 Jan 2015 10:24:20 +0100 (CET)
Message-ID: <54B4E444.6050507@um.es>
Date: Tue, 13 Jan 2015 10:24:20 +0100
From: Gabriel López <gabilm@um.es>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Thunderbird/31.3.0
MIME-Version: 1.0
To: secauth@ietf.org
References: <814D0BFB77D95844A01CA29B44CBF8A7014D9FD0@lhreml504-mbs.china.huawei.com>
In-Reply-To: <814D0BFB77D95844A01CA29B44CBF8A7014D9FD0@lhreml504-mbs.china.huawei.com>
OpenPGP: id=8D119153
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="c75vkC1VVfL2S01U58eOIvRxxAihbjrda"
Archived-At: <http://mailarchive.ietf.org/arch/msg/secauth/UVFYptn5rzZW7F7M2mkbO0axw0Q>
Subject: Re: [Secauth] Please be volunteer to comment--- Summary of Telco on 19 December 2014
X-BeenThere: secauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Omni-purpose Network-layer based Secure Authentication and Authorization non-working group discussion list <secauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secauth>, <mailto:secauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secauth/>
List-Post: <mailto:secauth@ietf.org>
List-Help: <mailto:secauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secauth>, <mailto:secauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Jan 2015 09:24:29 -0000
Hi Hosnieh,
sorry for the late response ...
El 08/01/15 a las 14:28, Hosnieh Rafiee escribió:
Folks, Happy new year! I hope you start a good year and enjoyed your new year holiday and ready to activate the group again :-) Here is the summary of the meeting - Presentation of available standards, secauth use cases, its possible scope, - To remove use case 4 related to authentication of IoT to cloud system and only focus on SDN related solution - Discussion about adding the exact place (a picture or slide) to show where a protocol is missing and the exact scope of secauth. Enclosed you can find the revision of slides used for the telco discussion on 19 December to consider the comments received during telco. Again thanks Alex, Rafa, Gabriel, Alan for sharing their opinions. Comments are welcomed. If you see something is unclear on slide and need any discussion just share it on the mailinglist.
One of my concerns, probably a little one, but probably not, is that following your assumptions in #5 it seems (IMHO) that you are describing something more related with NFV (Network Function Virtualization) than with SDN. I means, it seems to me that you are trying to virtualize some kind of security function (authentication) rather than a policy-driven network behaviour.
SDNs controllers (including and beyond OpenFlow) runs over L2/L3 network devices, analyse incoming network traffic, take a decision about this traffic and enforce the decision into the network device, the traffic goes on or it is denied. Sometimes those controllers need the help for other services (Firewalls, Load balancers, IDS, etc), and then invoke the upper layer to use them.
Following your slides, your clients (APs) needs to invoke to an authentication service, which seems to be virtualized, the service takes an authentication decision and responds Yes or Not. The traffic does not go on or is denied, the service is the traffic's target. As said before, IMHO (and I can be probable wrong), this behaviour is more related with NFV than with SDNs.
Said that, On one hand, I agree with Alan in the way that the target scenario (without taking into account the use or not of SDNs) seems that could be solved making use of current technologies (note that I'm not saying it is not an interesting use case, on the contrary).
On the other hand, if the objective is to solve this use case but making use of new technologies (i.e. SDNs) it would be nice to analyse the requirements driving this objective. I mean, we can not decide to use SDNs only because it will be the technology of the future.
Use case 2:
"All SIP proxy needs to be configured in order to authenticate Alice’s phone to connect to another person". AFAIK that's not true. Only the home SIP proxy authenticates Alice.
"since these SIP proxy servers are all also virtualized components" --> NFV
Where SDNs could help in this scenario is in the management and enforcement of the required QoS parameters into the network devices for the media traffic.
Use case 3:
Sorry, I do not see how this use case is related with the other ones.
In summary, I think the use case is good enough to work on it, but I'm not sure about the standardization requirements.
Best regards, Gabi.
Thanks, Best, Hosnieh
_______________________________________________ Secauth mailing list Secauth@ietf.org https://www.ietf.org/mailman/listinfo/secauth" rel="nofollow">https://www.ietf.org/mailman/listinfo/secauth
-- -------------------------------------------------------------- Gabriel López Millán Departamento de Ingeniería de la Información y las Comunicaciones University of Murcia Spain Tel: +34 868888504 Fax: +34 868884151 email: gabilm@um.es
- [Secauth] Please be volunteer to comment--- Summa… Hosnieh Rafiee
- Re: [Secauth] Please be volunteer to comment--- S… Alan DeKok
- Re: [Secauth] Please be volunteer to comment--- S… Hosnieh Rafiee
- Re: [Secauth] Please be volunteer to comment--- S… Gabriel López
- Re: [Secauth] Please be volunteer to comment--- S… Rafa Marin Lopez