IP Security Policy BOF (ipsp)

Wednesday, March 17 at 1530-1730
================================

Chairs: Luis A. Sanchez
        Roy Pereira

DESCRIPTION:

The rapid growth of the Internet and the need to control access to network resources (bandwidth, routers, hosts, etc.) have quickly identified the need for representing, discovering, exchanging and managing the policies that control access to these resources in a scalable, secured and reliable fashion.

Current IP security protocols [RFC2401-2412] can exchange keying material using IKE [RFC2409] and protect data flows using the AH [RFC2402] and/or ESP [RFC2406] protocols. The scope of IKE limits the protocol to the authenticated exchange of keying material between the source and destination of a communication. However, along the path of communication, there may be intermediate policy constraints in entities such as security gateways and router filters. There is a need for the end hosts of a communication, and/or their respective administrative entities, to securely discover and negotiate access control information for the end hosts and for the policy enforcement points (security gateways, routers, etc.) along the path of the communication.

To address these problems the IPSP Working Group will:

  1) specify a data model for supporting IP security policies,
  2) specify an extensible IPSec policy specification language, and
  3) develop a policy discovery, exchange and resolution protocol independent of any security protocol suite and key management protocol.

The proposed work item for this group would yield standards that are compatible with the existing IPSec architecture [RFC2401] and IKE, complementing the standards work achieved by the IPSec Working Group.

The data model, specification language and exchange protocol will be derived from the following documents:

  draft-ietf-ipsec-policy-model-00.txt
  draft-ietf-ipsec-vpn-policy-schema-00.txt
  draft-ietf-ipsec-spsl-00.txt
  draft-ietf-ipsec-sps-00.txt

This group will coordinate with other IETF working groups that are specifying policies and policy schemas in order to maintain compatibility and interoperability.

AGENDA:

  - Agenda bashing
  - Presentation: do we need policy based security management?
  - Presentation: what are the requirements for any solution?
  - Series of short presentations of related work
  - Open discussion and consensus gathering: do we need to form a WG to do the proposed work?
  - Collect feedback and modify charter
  - Adjourn