Trusted Network File Systems (tnfs)

Charter


Chair(s):
     Fred Glover, fglover@decvax.dec.com

Mailing Lists:
     General Discussion:  tnfs@wdl1.wdl.loral.com
     To Subscribe:  tnfs-request@wdl1.wdl.loral.com
     Archive:  archive-server@wdl1.wdl.loral.com

Description of Working Group:


     The Trusted Network File System (TNFS) working group is
     chartered to define protocol extensions to the Network File
     System (NFS) Version 2 protocol which support network file
     access in a multilevel secure (MLS) Internet environment.  MLS
     functionality includes mandatory access control (MAC),
     discretionary access control (DAC), authentication, audit- ing,
     documentation, and other items as identified in the Trusted
     Computer System Evaluation Criteria (TCSEC) and Com- partmented
     Mode Workstation (CMW) documents.

     The primary objective of this working group is to specify
     extensions to the NFS V2 protocol which support network file
     access between MLS systems.  It is intended that these
     extensions should introduce only a minimal impact on the
     existing NFS V2 environment, and that unmodified NFS V2 clients
     and servers will continue to be fully supported.

     Transferring information between MLS systems requires
     exchanging additional security information along with the file
     data.  The general approach to be used in extending the NFS V2
     protocol is to transport additional user context in the form of
     an extended NFS UNIX style credential between a Trusted NFS
     (TNFS) client and server, and to map that con- text into the
     appropriate server security policies which address file access.
     In addition, file security attributes are to be returned with
     each TNFS procedure call.  Other- wise, the NFS V2 protocol
     remains essentially unchanged.

     The Trusted System Interoperability Group (TSIG) has already
     developed a specification which defines a set of MLS exten-
     sions for NFS V2, and has also planned for the future
     integration of Kerberos as the authentication mechanism.  The
     TNFS working group should be able to use the TSIG Trusted NFS
     document as a foundation, and to complete the IETF TNFS
     specification within the next 3-6 months.

                                   1





Goals and Milestones:

Done       Review and approve the TNFS working group charter, review
           revised TSIG TNFS Specification, and publish a proposed
           standard following the July meeting.

Jul 1991   Review revised TSIG TNFS Specification.

Nov 1991   Publish a proposed standard following the July meeting.

Oct 1991   Review outstanding comments/issues from mailing list.

Oct 1991   Make any final revisions to TNFS document based on comments,
           issues, and interoperability testing.

Mar 1992   Request IESG to make the revised document a Draft Standard.

Mar 1991   Verify the interoperability of TNFS implementations at the
           1992 NFS Connectathon.



                                   2