"easier to read" version

Fred Glover <fglover@decvax.dec.com> Tue, 14 April 1992 02:01 UTC

Received: from nri.nri.reston.va.us by ietf.NRI.Reston.VA.US id aa05316; 13 Apr 92 22:01 EDT
Received: from wdl1.wdl.loral.com by NRI.Reston.VA.US id aa27955; 13 Apr 92 22:04 EDT
Received: by wdl1.wdl.loral.com (5.61+++/WDL-3.10) id AA10726; Mon, 13 Apr 92 18:44:23 -0700
Received: from decvax.dec.com by wdl1.wdl.loral.com (5.61+++/WDL-3.10) id AA10720; Mon, 13 Apr 92 18:44:18 -0700
Received: by decvax.dec.com (5.57/decvax-27Nov90) id AA06558; Mon, 13 Apr 92 21:44:04 -0400
Received: by abyss.zk3.dec.com (5.57/DEC-USSG-ZK3-ULTRIX-09/27/91); id AA04066; Mon, 13 Apr 92 21:44:02 -0400
Date: Mon, 13 Apr 92 21:44:02 -0400
From: Fred Glover <fglover@decvax.dec.com>
Message-Id: <9204140144.AA04066@abyss.zk3.dec.com>
To: tnfs@wdl1.wdl.loral.com
Subject: "easier to read" version
Sender: tnfs-request@wdl1.wdl.loral.com

>>> Submissions to the tnfs list: tnfs@wdl1.wdl.loral.com
>>> Additions/deletions/questions: tnfs-request@wdl1.wdl.loral.com
>>> Archive Server: listserv@wdl1.wdl.loral.com

            IETF/TSIG Trusted NFS Working Group
                January '92 Meeting Summary

Working Group Chair: Fred Glover


          Fran Fadden     DEC
          Jonathon Fraser DEC
          Fred Glover     DEC
          Ali Gohshan     HP
          Narayan Makaram Amdahl Corporation
          Mark Saake      Lawrence Livermore Labs
          Carl Smith      Sun Microsystems, Inc.
          Charlie Watt    SecureWare

1.  IETF/TSIG TNFS Working Group Meeting Summary

1.1.  General Summary

The TNFS working group met in January as a  joint  IETF/TSIG
working group.  By the end of this meeting, we achieved clo-
sure on the  TNFS  document;  all  outstanding  issues  were
resolved.   The  updated  document  will  be archived, and a
request will be made to advance the document  from  Internet
Draft to Proposed Standard.

1.2.  Meeting Summary

During the January meeting, we:

     o    inspected (page by page review) the  modifications
          to the TNFS document,

     o    reviewed the TKM specification

     o    discussed the DNSIX token mapping mechanism

     o    discussed plans for associated TNFS documentation

     o    reviewed  interoperability  opportunities,  future

     o    discussed TSIG document numbering;  assigned  TSIG
          document numbers

1.2.1.  TNFS Document Review

The IETF TNFS document has been available  for  comments  in

*** IETF/TSIG TNFS Working Group - 01/92 Meeting Summary ***

                           - 2 -

the  IETF Draft directory and TNFS archive since July, 1991.
During the January meeting, the working group completed work
on  the resolution of all of the outstanding draft comments,
and voted to advance the draft to that of Proposed Standard.
Conforming  implementations are being encouraged in order to
support future interoperability testing.

Final updates to the TNFS document include:

     o    the distinguished value will be changed from  ZERO
          to "all bits on"

     o    the document will be updated to clarify the use of
          process and file privileges

     o    a single privilege token will be included  in  the
          credential  and  file  attribute  structures; this
          token may be used to represent either a single  or
          multiple privilege sets

     o    client side auditing will be enabled by default; a
          note regarding auditing of non-MLS clients will be

     o    file name  labeling  and  multi-level  directories
          will  be included in the TNFS specification, along
          with new protocol operations to support them

     o    the client caching  section  will  be  updated  to
          reflect  additional  considerations  in the use of
          cached information after a modification to a  pro-
          cess' security attributes

The updated document will be included in the IETF  and  TNFS

1.2.2.  Token Manager Review

Closure was also reached for TKM document,  in  its  support
for TNFS, with the following updates:

     o    include new protocol operation for inverse mapping
          (attribute to token)

     o    update the document to use the  AUTH_UNIX  creden-
          tial; this is required to eliminate initialization

The updated TKM document will be placed into the IETF  draft
directory and the TSIG TNFS archive.

1.2.3.  DNSIX Token Mapping

Charlie Watt  presented  an  overview  of  the  DNSIX  token

*** IETF/TSIG TNFS Working Group - 01/92 Meeting Summary ***

                           - 3 -

mapping  mechanism.   The  working group provided a few edi-
torial comments back to him.  The major issue identified was
whether  this  Token Mapping model would be made public, and
thus available to the IETF community.  Charlie believed that
this  would  happen in the future, and a representative from
the government also confirmed that this was planned.  At the
present  time,  however, the document is not publicly avail-
able.  So any  possibilities  for  potential  IETF  use  are
delayed until the document can be distributed.

1.2.4.  Associated TNFS Documentation

The working group recommended that the  TNFS  Implementation
and  TNFS  Adminstration  guides  be  updated  based  on the
October '91 reviews of these documents, and then  placed  in
the  TNFS  archive  and the IETF Draft directory as informa-
tional RFCs.

1.2.5.  Interoperability Testing

The working group reviewed the progress of  implementations,
and discussed the possibility of interoperability testing at
the April IETF/TSIG  meeting.   A  proposed  test  plan  was
reviewed, which would be used for this purpose.

1.2.6.  TSIG Document Numbering

During the plenary session, a document numbering scheme  was
selected.  Using this scheme, the working group assigned the
following document numbers:

          TNFS Specification:TSIG-TNFS-001.02.01

          TNFS Test Plan:TSIG-TNFS-002.01.01

          TNFS Test Attributes:TSIG-TNFS-003.01.01

          TNFS Implementation Guide:TSIG-TNFS-004.01.01

          TNFS Administation Guide:TSIG-TNFS-005.01.01

          TNFS TKM Specification:TSIG-TNFS-006.01.01

          TNFS tnfs.hTSIG-TNFS-007.01.01

1.3.  Next Meeting

The TNFS group will plan to meet as both a TSIG and an  IETF
working  group  at the April meeting in Mountain View, Cali-
fornia. At that meeting, we will plan to:

     o    review the "final" version of the  TNFS  documents
          (updated  documents  placed  into the TNFS archive
          and IETF drafts directory: Fred, Fran, Carl, Ali)

*** IETF/TSIG TNFS Working Group - 01/92 Meeting Summary ***

                           - 4 -

     o    review the interoperability test plan (all)

     o    update/develop NFS test suite extension  for  TNFS

     o    identify conforming implementations to support our
          request to transition our TNFS document (all)

     o    investigate NFS lock manager  and  status  monitor
          for B1/CMW extensions (Charlie)

     o    commence identification of auditable  TNFS  events

     o    place "tnfs.h", test plan,  test  attributes  into
          TNFS archive (Fred)

The April meeting is planned for the  28th-30th  at  Silicon
Graphics in Mountain View, California.

*** IETF/TSIG TNFS Working Group - 01/92 Meeting Summary ***