OGF27 FVGA-WG Session Meeting Notes =================================== by Inder Monga and Ralph Niederberger Ralph presented the agenda for this session, gave a short overview about the objectives of the working group, and presented the current draft protocol proposal (Firewall Virtualization-service draft version 2). After describing the current status of work we started discussion on comments which came up during Ralph's presentation. Comment by Ralph himself: No IETF comments received so far after doing much effort. Proposal: Sit together with AD and OGF IETF Liason - Cees De Laat. Comment by Yuri Demchenko: You could use application secure session credentials for authorization and authentication rather than depending on the FiTP's secure session setup. These options should be supported to offer the most flexibility to the application. Proposal: Look into the draft protocol description and provide input how to change the protocol draft for supporting these options. Provide this input via the groups mailing list for further discussion. Comment by Richard Hughes-Jones (Infrastructure AD): Even though there are no comments to the protocol draft by IETF and others, we can consider making this a draft standard and then write an experience document after some time (1 year or so) with two independent interoperable implementations. We should look at taking this forward. Answer: The co-chairs felt this is too early to make it standard, but will discuss this offline. Comment: if there is a well know service and the compute nodes are in the back, do you really need this service? Answer: This depends on the application. If the application uses only well known ports, which should be open all the time, it does not make any sense to use the FiTP protocol. Then a predefined access rule would be recommended. But if those ports really need to be opened only for time frames unknown in advance and ports/port ranges may differ from application to application, the FiTP protcol would make sense. So usage will be application driven/dependent. A usage scenario document will be provided in future. At the end of the session the session chairs asked the audience again to read and comment on the current document. Any input would be very welcomed.