IP Security Policy BOF (ipsp)

Wednesday, March 17 at 1530-1730

Chairs: Luis A. Sanchez <lsanchez@bbn.com>
        Roy Pereira <rpereira@timestep.com>


The rapid growth of the Internet and the need to control access to
network resources (bandwidth, routers, hosts, etc.) have quickly
identified the need for representing, discovering, exchanging and
managing the policies that control access to these resources in a
scalable, secure and reliable fashion.

Current IP security protocols [RFC2401-2412] can exchange keying
material using IKE [RFC2409] and protect data flows using the AH
[RFC2402] and/or ESP protocols [RFC2406]. The scope of IKE limits 
the protocol to the authenticated exchange of keying material 
between the source and destination of a communication.

However, along the path of communication, there may be intermediate
policy constraints in entities such as security gateways and router
filters. There is a need for end hosts of a communication and/or
their respective administrative entities to securely discover
and negotiate access control information for the end hosts and for 
the policy enforcement points (security gateways, routers, etc.) 
along the path of the communication.

To address these problems the IPSP Working Group will:

  1) specify a data model for supporting IP security policies, 

  2) specify an extensible IPSec policy specification language; and

  3) develop a policy discovery, exchange and resolution protocol 
     independent of any security protocol suite and key management 

The proposed work item for this group would yield standards that 
are compatible with the existing IPSec architecture [RFC2401] and
IKE, complementing the standards work achieved by the IPSec Working
Group. The data model, specification language and exchange protocol
will be derived from the following documents:


This group will coordinate with other IETF working groups working 
on specifying policies and policy schemas in order to maintain
compatibility and interoperability.


- Agenda bashing
- Presentation: do we need policy based security management?
- Presentation: what are the requirements for any solution?
- Series of short presentations of related work
- Open discussion and consensus gathering: do we need to form a WG to
  do the proposed work?
- Collect feedback and modify charter
- Adjourn