RE: NEA requirements (was Re: [Nea] Re: use of a design team to developrequirements)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: NEA requirements (was Re: [Nea] Re: use of a design team to developrequirements)

To: <nea at ietf.org>
Subject: RE: NEA requirements (was Re: [Nea] Re: use of a design team to developrequirements)
From: "Blumenthal, Uri" <uri.blumenthal at intel.com>
Date: Mon, 18 Dec 2006 16:51:57 -0500
List-archive: <http://www1.ietf.org/pipermail/nea>
List-help: <mailto:nea-request@ietf.org?subject=help>
List-id: Network Endpoint Assessment discussion list <nea.ietf.org>
List-post: <mailto:nea@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/nea>, <mailto:nea-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/nea>, <mailto:nea-request@ietf.org?subject=unsubscribe>
Thread-index: Acci4qD7TqMIPU2IRVK1UZf9EKk/MQACjTUg
Thread-topic: NEA requirements (was Re: [Nea] Re: use of a design team to developrequirements)

>> I have assumed that the network could require information
>> to allow access.
>
> What kind of information?  Why?  What will the NEA
> server do with that information once it receives it?

NEA server probably couldn't care less for what kind
of information it is transferring. Policy-driven.

As long as there is NEA agent (or clent) on the 
supplicant machine, it can pass whatever info it
deems right.

So practically - as long as either the NEA client
or the relevant plug-in that talks to it, can get
the information that the server requests - that 
piece of data will cross the wire. 

> When I work through the various scenarios,
> I don't see much use for queries.

Whether there is a "chatter", is unclear. 

Perhaps NEA server will be able to mention everything it 
wants in one request, and the client might be able to 
pack all the data into one response. Or perhaps NEA
client will just shove everything it can get about
the system and send it in one bunch, without being
specific - in response to a generic request.

Perhaps based upon the first response to small and generic query, 
the server will choose to send more specific queries to learn 
about some particulars of the client machine.

>> The user could also refuse to provided certain information. 
>> The result on the network side might be to allow only access
>> to a remediation network. 

An old example: "Customer doesn't have to provide his 
Social Security number, the bank doesn't have to grant 
the loan." :-)

>> The result on the user side might be to only allow
>> the user to connect to a particular web site. 
>> The point is that policy exists at both places.
>
> Of course.

What's that "second place" where the policy exists?

>> The value of queries  to at least some people is the
>> reason for the wg.
>
> That's nice.  Do you have *concrete* examples that
> we can talk about?

Me too :-)

Do you mean a small set of generic posture attributes that 
every host is supposed to carry? 
Regardless, it doesn't seem to be the main focus of this WG. :-)

_______________________________________________
Nea mailing list
Nea at ietf.org
https://www1.ietf.org/mailman/listinfo/nea

Follow-Ups:
- Re: NEA requirements (was Re: [Nea] Re: use of a design team to developrequirements)
  - From: Alan DeKok

Prev by Date: NEA requirements (was Re: [Nea] Re: use of a design team to develop requirements)
Next by Date: Re: NEA requirements (was Re: [Nea] Re: use of a design team to developrequirements)
Previous by thread: [Fwd: Re: [Nea] use of a design team to develop requirements]
Next by thread: Re: NEA requirements (was Re: [Nea] Re: use of a design team to developrequirements)
Index(es):
- Date
- Thread

RE: NEA requirements (was Re: [Nea] Re: use of a design team to developrequirements)

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.