Ira,
Perhaps that was an unfortunate term to use. I think Axeda uses the term "firewall friendly (C)". The intent is to provide limited access to imaging devices without jeopardizing enterprise or network security, but also without requiring special tunneling in the firewalls beyond what must be done to provide employee internet access. Indeed, it was my understanding that this is a basic premise of PSI as well.
If there are firewall application cracking, then we must consideration how to address that. But, from the perspective of someone involved with deploying such equipment, the approach become much less viable (read unacceptable to most customers) if special firewall setup is needed.
.
Thanks.
Bill Wagner
-----Original Message-----
From: McDonald, Ira [mailto:imcdonald@sharplabs.com]
Sent: Friday, February 21, 2003 12:35 PM
To: Wagner,William; 'Wbmm (E-mail)
Subject: RE: WBMM> RE: Scope and Starting Point
Hi Bill,
I disagree - "finessing firewalls" by using HTTP (presumably
on specifically port 80?) is NOT a valid goal in my opinion.
Neither customers nor vendors should WANT to "finesse"
firewalls.
Cheers,
- Ira McDonald
PS - Note that most new firewalls do application level cracking
of HTTP port 80 traffic, so "finessing" them is not going to be
easy in the future.
-----Original Message-----
From: Wagner,William [mailto:WWagner@NetSilicon.com]
Sent: Thursday, February 20, 2003 4:04 PM
To: 'Wbmm (E-mail)
Subject: RE: WBMM> RE: Scope and Starting Point
Bob Tailor had a very good suggestion. "..try to identify the issues before
[the conference call]
so you might ask that everyone post them to WBMM before the meeting. For
"simple" issues, we may be able to knock them off in email, saving our phone
time for the more significant/contentious issues."
I had intended that sort of thing in asking for comments on the write-up (or
any other comments that were felt to be germane). But an explicit request
may be more fruitful.
Please forward your issues to the list!
Lets start with a few that I see.
1. Basic purpose: I have defined it as access by an external agent to
imaging devices on an enterprise network, for the purpose of monitoring
usage and alerts, perhaps for doing maintenance tests and general
configuration, and perhaps for downloading files including executables,
fonts, upgrades, etc.
a. Do we have agreement on this?
b. Is there a strong feeing that the scope must be expanded, and if
so, how?
2. Consideration of the approaches in the documents referenced by Ira, Lee
and Don (thank you all). Should we embrace, ignore, or possibly extract some
aspects from which ones?
My contention is:
a. as overall approaches, all seem to lack the concept of finessing
firewalls
b. approaches intended for managing/configuring networks miss the
problems of an external agent trying to manage devices on the network. The
MIS people want some inherent restrictions on what the external site can do,
and in many cases, want to be able to monitor messages being sent out to
make sure that there is nothing untoward.
c. we may however, want to consider some other aspects of the other
approaches. Perhaps the coding or the notion of XML coded RPCs.
3. Is there general agreement on the use of HTTP clients operating in a
Browser-like mode as the mechanism to finesse firewall?
Please feel free to add issues!
Many thanks,
Bill Wagner/NetSilicon
-----Original Message-----
From: TAYLOR,BOB (HP-Vancouver,ex1) [mailto:bobt@hp.com]
Sent: Thursday, February 20, 2003 3:49 PM
To: Wagner,William
Subject: FW: WBMM> RE: Scope and Starting Point
3/4 4-5 EST works for me. One suggestion: Given that you only are
allocating one hour, it might be good to try to identify the issues before
then, so you might ask that everyone post them to WBMM before the meeting.
For "simple" issues, we may be able to knock them off in email, saving our
phone time for the more significant/contentious issues.
bt
-----Original Message-----
From: Wagner,William [mailto:WWagner@NetSilicon.com]
Sent: Wednesday, February 19, 2003 6:11 PM
To: wbmm@pwg.org
Subject: WBMM> RE: Scope and Starting Point
Greetings:
I have attached some thoughts on the use cases the WBMM should be
addressing, and taken a cut at defining a starting point. The document is
posted to:
ftp://ftp.pwg.org/pub/pwg/wbmm/white/wbmm_Scope&Start.pdf
I would appreciate some feedback with the objective of finding common ground
within the working group. Would a conference call on 4 March, 4-5 PM EST be
agreeable?
Bill Wagner
This archive was generated by hypermail 2b29 : Fri Feb 21 2003 - 12:54:50 EST