This is a rough draft - Megan 04/14/92 IETF/TSIG Trusted NFS Working Group January '92 Meeting Summary Working Group Chair: Fred Glover Attendees: Fran Fadden DEC Jonathon Fraser DEC Fred Glover DEC Ali Gohshan HP Narayan Makaram Amdahl Corporation Mark Saake Lawrence Livermore Labs Carl Smith Sun Microsystems, Inc. Charlie Watt SecureWare 1. IETF/TSIG TNFS Working Group Meeting Summary 1.1. General Summary The TNFS working group met in January as a joint IETF/TSIG working group. By the end of this meeting, we achieved clo- sure on the TNFS document; all outstanding issues were resolved. The updated document will be archived, and a request will be made to advance the document from Internet Draft to Proposed Standard. 1.2. Meeting Summary During the January meeting, we: o inspected (page by page review) the modifications to the TNFS document, o reviewed the TKM specification o discussed the DNSIX token mapping mechanism o discussed plans for associated TNFS documentation o reviewed interoperability opportunities, future plans o discussed TSIG document numbering; assigned TSIG document numbers 1.2.1. TNFS Document Review The IETF TNFS document has been available for comments in *** IETF/TSIG TNFS Working Group - 01/92 Meeting Summary *** - 2 - the IETF Draft directory and TNFS archive since July, 1991. During the January meeting, the working group completed work on the resolution of all of the outstanding draft comments, and voted to advance the draft to that of Proposed Standard. Conforming implementations are being encouraged in order to support future interoperability testing. Final updates to the TNFS document include: o the distinguished value will be changed from ZERO to "all bits on" o the document will be updated to clarify the use of process and file privileges o a single privilege token will be included in the credential and file attribute structures; this token may be used to represent either a single or multiple privilege sets o client side auditing will be enabled by default; a note regarding auditing of non-MLS clients will be included o file name labeling and multi-level directories will be included in the TNFS specification, along with new protocol operations to support them o the client caching section will be updated to reflect additional considerations in the use of cached information after a modification to a pro- cess' security attributes The updated document will be included in the IETF and TNFS archives. 1.2.2. Token Manager Review Closure was also reached for TKM document, in its support for TNFS, with the following updates: o include new protocol operation for inverse mapping (attribute to token) o update the document to use the AUTH_UNIX creden- tial; this is required to eliminate initialization deadlock The updated TKM document will be placed into the IETF draft directory and the TSIG TNFS archive. 1.2.3. DNSIX Token Mapping Charlie Watt presented an overview of the DNSIX token *** IETF/TSIG TNFS Working Group - 01/92 Meeting Summary *** - 3 - mapping mechanism. The working group provided a few edi- torial comments back to him. The major issue identified was whether this Token Mapping model would be made public, and thus available to the IETF community. Charlie believed that this would happen in the future, and a representative from the government also confirmed that this was planned. At the present time, however, the document is not publicly avail- able. So any possibilities for potential IETF use are delayed until the document can be distributed. 1.2.4. Associated TNFS Documentation The working group recommended that the TNFS Implementation and TNFS Administration guides be updated based on the October '91 reviews of these documents, and then placed in the TNFS archive and the IETF Draft directory as informa- tional RFCs. 1.2.5. Interoperability Testing The working group reviewed the progress of implementations, and discussed the possibility of interoperability testing at the April IETF/TSIG meeting. A proposed test plan was reviewed, which would be used for this purpose. 1.2.6. TSIG Document Numbering During the plenary session, a document numbering scheme was selected. Using this scheme, the working group assigned the following document numbers: TNFS Specification:TSIG-TNFS-001.02.01 TNFS Test Plan:TSIG-TNFS-002.01.01 TNFS Test Attributes:TSIG-TNFS-003.01.01 TNFS Implementation Guide:TSIG-TNFS-004.01.01 TNFS Administration Guide:TSIG-TNFS-005.01.01 TNFS TKM Specification:TSIG-TNFS-006.01.01 TNFS tnfs.hTSIG-TNFS-007.01.01 1.3. Next Meeting The TNFS group will plan to meet as both a TSIG and an IETF working group at the April meeting in Mountain View, Cali- fornia. At that meeting, we will plan to: o review the "final" version of the TNFS documents (updated documents placed into the TNFS archive and IETF drafts directory: Fred, Fran, Carl, Ali) *** IETF/TSIG TNFS Working Group - 01/92 Meeting Summary *** - 4 - o review the interoperability test plan (all) o update/develop NFS test suite extension for TNFS (Fran) o identify conforming implementations to support our request to transition our TNFS document (all) o investigate NFS lock manager and status monitor for B1/CMW extensions (Charlie) o commence identification of auditable TNFS events (Mark) o place "tnfs.h", test plan, test attributes into TNFS archive (Fred) The April meeting is planned for the 28th-30th at Silicon Graphics in Mountain View, California.