[cap-talk] Bill Frantz HP challenge (was: Re: [Confused deputies in hybrid systems (was: Loss of control))
Karp, Alan H
alan.karp at hp.com
Tue Feb 5 17:46:38 EST 2008
Jed wrote:
>
> I think the difficulty with this situation is that the only
> place there is information about where this communication is
> coming from is in the firewall. To deal with this I suggest
> a forwarding service. The main service is simply not available
> for access directly from outside the firewall. It only accepts
> "outside" requests from the forwarding service. The forwarding
> service does the delegation from an inside identity to the
> corresponding "outside" identity. When this request gets
> forwarded to the inside server, it has the information that
> it needs to enforce its policy (inside or outside).
>
Or you could just VPN in and be logically inside the firewall.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
http://www.hpl.hp.com/personal/Alan_Karp
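
A minimal sketch of the forwarding-service arrangement quoted above, added here as an illustration and not code from either poster. The identity names, the policy table and the HMAC tag that marks a request as coming from the forwarder are all assumptions, and the forwarder is assumed to have already authenticated the outside caller.

```python
import hashlib
import hmac
import secrets

# Assumption: a key known only to the forwarder and the main service.
FORWARDER_KEY = secrets.token_bytes(32)

# Constructed policy: the outside identity holds less authority than the inside one.
POLICY = {
    "alice": {"read", "write"},      # inside identity
    "alice@outside": {"read"},       # corresponding outside identity
}


def forwarder_tag(identity: str, action: str) -> str:
    """MAC binding a forwarded request to the forwarder's key."""
    msg = f"{identity}\n{action}".encode()
    return hmac.new(FORWARDER_KEY, msg, hashlib.sha256).hexdigest()


class MainService:
    def handle_inside(self, identity: str, action: str) -> bool:
        # Reachable only from inside the firewall in this model.
        return action in POLICY.get(identity, set())

    def handle_forwarded(self, identity: str, action: str, tag: str) -> bool:
        # "Outside" requests are accepted only when they carry the forwarder's tag.
        if not hmac.compare_digest(tag, forwarder_tag(identity, action)):
            return False
        # A forwarded request may only ever act under an outside identity.
        if not identity.endswith("@outside"):
            return False
        return action in POLICY.get(identity, set())


class Forwarder:
    # Delegation table: inside identity -> corresponding outside identity.
    OUTSIDE_OF = {"alice": "alice@outside"}

    def __init__(self, main: MainService):
        self.main = main

    def forward(self, inside_identity: str, action: str) -> bool:
        outside = self.OUTSIDE_OF.get(inside_identity)
        if outside is None:
            return False  # no delegation exists for this caller
        tag = forwarder_tag(outside, action)
        return self.main.handle_forwarded(outside, action, tag)
```
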