Re: Proxy User Stories from Nicolas Mailhot on 2013-12-11 (ietf-http-wg@w3.org from October to December 2013)

From: Nicolas Mailhot <nicolas.mailhot@laposte.net>
Date: Wed, 11 Dec 2013 11:45:56 +0100
To: "Amos Jeffries" <squid3@treenet.co.nz>
Cc: ietf-http-wg@w3.org
Message-ID: <62d88216fde8b9f481b05f7637255fc8.squirrel@arekh.dyndns.org>
Some other stories

Ann runs bigcorp proxy. The proxy agregates internet traffic of all
bigcorp users, with an anonymizing effect (third parties can only track
traffic to the outbound proxy ips). That suits Ann fine as what her users
do is none of the business of third parties. However bigcorp gives lots of
freedom to its users on how they use the company Internet access, as long
as it does not impact company performance. But it does not wish to be
liable for the offences its employees may commit as part of their
non-professional browsing. Therefore bigcorp requires them to sign an
ethical chart, but realises this alone has no strong deterrent effect. As
a consequence Ann requires user auth on the proxy, logs all outbound
traffic, and the chart warns users that judges can subpoena their traffic
in case of problems.

Bill runs company proxy. Company worries about employees that use modern
communication tools to run a second activity during work time. Therefore
Bill requires user auth on the proxy, logs all outbound traffic, and
internal regulation warn users their managers can request their outbound
logs (subject to internal checks to avoid abuses).

Celia runs corp proxy. Corp knows that part of its users are completely
overwhelmed by modern tools and do not realise the implications of some
web services that lie or hide relevant information to their users to avoid
worrying them about "complex security decisions". Therefore Celia has to
log all outbound traffic and require proxy auth, so in case of data breach
on one web sites other users of this web site can be identified to check
if they also contributed to leaks.

Dan runs corp proxy. He's asked to provide a high availability service
since more and more of corp business relies on always on web access.
Therefore he maintains several proxy farms on different physical sites,
and needs his user browsers to switch between those sites in case of
incident. Proxies use auth and can not share auth accross sites for
reliability reasons, so the browsers needs to change network paths without
hammering users with auth requests.

Emma runs corp proxy. For various business reasons proxy requires user
auth. Infinite auth has no security value so Emma's proxy need to notify
web clients to re-auth after a while, including when they're started a tls
sessions.

Fred runs corp proxy. He's asked to provide a high availability service
since more and more of corp business relies on always on web access.
However no capacity planning can cope with the potential volumes of
non-professionnal vidéo browsing. Therefore Fred needs his proxy to
identify all audio/vidéo traffic, TLS or not, and block all the accesses
users have not explicitly declared as necessary for business reasons.

Geraldine runs corp proxy. Her job is to make browsing as fast and safe as
possible. However various third-parties have started tunnelling non-http
traffic over http(s) ports to avoid the security reviews opening a new
port to the outside entails. Geraldine has no love for those "solutions",
she is not authorised to carry non-http traffic, non-http traffic does not
cache, does not match the network profiles she planned for, and is a
security risk. Therefore she wants her proxy to do enough protocol
decoding (including over TLS) to reject those accesses and force the
entities that deploy them to go through the normal security review
process. She knows that quite often her users do not realise the
"convenient browser plugin needed to access our web site" they've
installed will tunnel other protocols, and that they've been lied to by
their partners to avoid worrying them about "complex security decisions".

Hommer runs corp proxy. The load on his equipments went over the roof this
year, his users grumble his proxy sucks, and his budget is running dry. To
understand why he enabled traffic logging and realised none of the new
load was relevant to his company activities, or even to his user's wishes.
A few popular non-professionnal web sites just enabled aggressive ad
cycling and web bugs/monitoring via js tricks to earn a few pennies.
Hommer needs his equipments to be able to identify all the urls accessed
by his users and blackhole ad agencies, returning to normal network load.

Irene runs company proxy. The times are hard and company wishes to limit
the costs of the internet connexion. Therefore it asks its employees to
limit their browsing to reasonable volumes and deployed a web app that
shows them how much they consumed every day. To make this webapp work
Irene needs to authentify accesses and log the corresponding volumes in
her proxy.

Jeremy runs company proxy. Cleaning up malware infections cost a lot to
his company last year, so he's asked to run antivirus checks on all
executable files that go through his gateway. Therefore his proxy needs to
decode in clear all the files with an executable mime type downloaded by
company users. Jeremy needs his browsers to display a message in case of
malware interception so they do not retry the same infected file once its
blocked.

And I'm running out of time so I won't finish the alphabet (but I think I
could)

-- 
Nicolas Mailhot
Received on Wednesday, 11 December 2013 10:46:30 UTC