On Sat, 30 Jan 2010 17:47:50 -0500, Casey Schaufler <casey at schaufler-ca.com> wrote:
> David P. Quigley wrote:
>> Roll Call:
>>
>> Dave Quigley and Stephen Smalley / NSA
>> Jarrett Lu/Oracle
>> Peter Staubach & James Morris/Red Hat
>> Paul Moore / HP
>> Matthew Dodd / SPARTA
>> Spencer Shimko / Tresys
>>
>>
>> IETF Note Well Agreement:
>>
>> This is a reminder that our discussions are governed by the
>> IETF Note Well Agreement. See:
>>
>> http://www.ietf.org/NOTEWELL.html
>>
>> We will start each week's meeting with this announcement.
>>
>> Q&A Session concerning existing Labeled NFS documents:
>>
>> - Jarrett asked if there were updated documents.
>> - Dave noted that updated documents are WIP.
>> - Jarrett suggested contacting Joy Latten about Labeled IPSEC and
>>   developing a common label format specification.
>> - Dave summarized current lnfs specification.
>>
>> Review Impact Study:
>>
>> Dave summarizes:
>> - Impact and Scope sections near complete.
>> - Need to flesh out use cases.
>>   1. Full mode, MAC consistency, especially user home directories.
>>   2. MAC for virtual machine images stored on network.
>>   3. Simple security label storage (client-focused).
>>   4. Regulatory Compliance.
>>
>> Spencer/Tresys:
>> - High performance computing w/ cluster and NFS filesystems.
>> - Specific reqs to labeled security.
>> - Becoming more evident in corporate world for regulatory compliance.
>>
>> James/Red Hat:
>> - Corporate partners have flagged LNFS as a requirement.
>> - OEMs are stating requirements for security enabling of products.
>>
>> Dave/NSA:
>> - EMC on the fence, need more demonstration of real demand for this
>>   technology.
>>
>
> If you can pass along the name of the contact at EMC I will see
> what I can do.

It will be me: Sorin Faibish.

>
>> Peter/Red Hat:
>> - Linux NFSv4 server rarely used in the enterprise.
>> - NetApp or EMC must support for corporate acceptance - major storage
>>   vendors.
>>
>> Dave/NSA:
>> - NetApp expressed that if they support this functionality they would
>>   like to provide some sort of MAC enforcement. If the module is
>>   SELinux-like it would require a BSD or similar port of SELinux to be
>>   made viable again.
>>
>> James/Red Hat: They should just start with dumb server model.
>> Dave/NSA: Agree, just storage initially, full MAC model can follow.
>>
>> Peter/Red Hat: Asked for copies of impact study.
>> Dave/NSA: Should be released publicly soon after prepub approval.
>>
>> Dave/NSA: Need people to participate in review and writing sections.
>>
>> Peter/Red Hat: Management supports moving Labeled NFSv4 forward. Wants
>> it to progress together with James' xattr support for NFSv3.
>>
>> James/Red Hat: NFSv4 solution must also move forward; out-of-band
>> NFSv3 solution may discourage standardization of solution for NFSv4.
>> James will continue to work on documents as well as NFSv3 xattr process.
>>
>> James/Red Hat and Dave/NSA: Private namespace for storage on dumb
>> server? Possibly use system namespace on server? No server
>> interpretation? Configurable mapping in exports table? Allows server
>> to be unaffected by labels set by clients even if server is running a
>> MAC model.
>>
>> Matt/SPARTA: Server will always just provide label, no namespace
>> conflict between client and server.
>>
>> James/Red Hat: Clarifies that purpose of NFSv3 xattr work is to provide
>> a stopgap solution until NFSv4 work can achieve standardization and
>> deployment as well as to support legacy usage of NFSv3.
>>
>> Peter/Red Hat: nfsroot should be included as a use case.
>>
>> James/Red Hat: build servers could use local NFS mounts to support dumb
>> storage?
>>
>> Dave/NSA:
>> - Investigate more details for use cases, summarize and submit to Dave.
>> - Impact and label format specifier documents will be prepub'd and
>>   released ASAP.
>> - After release, review and comment.
>> - Labeled format specifier: split next telecon 50/50.
>>
>> Action Items:
>> - Release impact document.
>> - Release label format specification document.
>> - Upload updated requirements and specification documents to IETF
>>   website.
>> - Invite the labeled ipsec people to next meeting.
>>
>> Agenda items for the next meeting:
>> - Review and incorporate suggested changes to the impact document
>> - Discuss label format in the protocol / on the wire.
>>
>> _______________________________________________
>> Labeled-nfs mailing list
>> Labeled-nfs at linux-nfs.org
>> http://linux-nfs.org/cgi-bin/mailman/listinfo/labeled-nfs
>>
>
> _______________________________________________
> nfsv4 mailing list
> nfsv4 at ietf.org
> https://www.ietf.org/mailman/listinfo/nfsv4
>

--
Best Regards
Sorin Faibish
Corporate Distinguished Engineer
Network Storage Group

EMC² where information lives

Phone: 508-435-1000 x 48545
Cellphone: 617-510-0422
Email : sfaibish at emc.com