[acs-wg] Draft writing for GGF15
Michael Behrens
behrens at r2ad.com
Thu Sep 1 20:59:02 CDT 2005
Thanks.
Also - I see there an action for me to drill down into Byte-IO. I did
talk with Mark Morgan about this at the OGSA meeting a little. There
specification can support extensions for other transport mechanism.
I'll look over my notes and see if I can get some more details.
Perhaps we can invite Mark to join our teleconference for a Q&A?
Keisuke Fukui wrote:
> Folks,
>
> FYI, attached is the minutes for telecon when we discussed about the
> security description in the past call.
>
> -Keisuke
>
> ------------------------------------------------------------------------
>
> Subject:
> [acs-wg] Teleconference minutes - June 15
> From:
> Sachiko Wada <sachiko at ascade.co.jp>
> Date:
> Mon, 15 Aug 2005 13:37:40 +0900
> To:
> acs-wg at ggf.org
>
> To:
> acs-wg at ggf.org
>
>
>Hi team,
>
>Here is the minutes of the last teleconf.
>Please review it and point out where the record is not correct, if any.
>
>It is also available at Gridforge:
>https://forge.gridforum.org/projects/acs-wg/document/minutes-20050810/en/1
>
>Sachiko
>
>
>
>------------------------------------------------------------------------
>
>======================================================================
>ACS Teleconference
>-----------------------------------------------------------------------
>Date and Time: August 10 20:10-21:40 EDT 2005 / August 11 9:10-10:40 JST, 2005
>Participants:
> Keisuke Fukui (Fujitsu)
> Tom Studwell (IBM)
> Peter Ziu (Northrop)
> Michael Behrens (R2AD)
> Sachiko Wada (ASCADE) - minutes
>------------------------------------------------------------------------
>* Review of the minutes of day 2 for F2F
> Minutes approved.
>
>* Data replication use case
> We glanced over the replication use case of OGSA-D.
> It seems that there are no conflicts between OGSA-D and ACS.
> We should learn data area specs, including another relevant WG
> such as ByteIO, so that ACS can get along with those specs.
> We continue this discussion on the ml.
>
>* Security updates
> We agreed on the basic security policy of ACS as Keisuke summarized
> in the previous post on Aug 10 JST.
> -------------------------------------------------------------------
> - We may simply specify to reserve an extension point for access
> constraint information, such as XACML, in AAD. Optionally, we may
> describe our considerations as an informational part demonstrating
> how this can be utilized.
> - We will not specify the security features for ARI (SOAP message
> exchange) since this should be covered by existing standard spec or
> profile. We will refer to the external relevant specs or profiles,
> such as OGSA Basic Profile.
> - We may include description about the *optional* AA signature, in
> consideration mainly for when AA Document is handled out of secured path.
> Though we may define the range of contents that the signature will cover,
> the technologies to be used for signature, such as an XML signature or
> signature used in Jar file, may be left unspecified or just listed as
> candidates.
> - Authentication detail is up to the security entity in the system, both
> for specification and for design. The implementation of ACS may have
> interface to it, but the ACS specification will not specify it. (example
> interaction may be demonstrated as an informational description.)
> - ACS implementation can be one of the security PEP in the system, in a sense
> it may accept or reject the service request to the repository, depending
> on the Authorization Decision Assertion returned from the Policy Decision
> Point, which I assume the security entity (or service) in the system is.
> ACS may simply match the security token presented in the request (in a SOAP
> header part) and the Assertion, in order to enforce the policy.
> -------------------------------------------------------------------
> Mike mentioned that ByteIO covers security issues in moving around
> files and we may find an input from it.
> Action: Mike, to look down into the ByteIO.
>
>* Meta data discussion
> The proposal from Keisuke and Sachiko is to sort out meta data for AA
> into two classes. It includes the below information for each:
> a) Static description for the AA, for example,
> - File list of the Application Contents with key information for
> GetContents. (REQUIRED)
> - AA Identifier, which contains name of the AA and version information.
> (REQUIRED)
> - Access control policy for each Application Content. (OPTIONAL)
> (Can be a pointer to actual file in ACs.)
> - Human-readable description of the AA (OPTIONAL)
> - Extension point, i.e. xsd:any (OPTIONAL)
> b) Live meta data that can be dynamically augmented by ACS repository.
> - Owner of the the AA instance (OPTIONAL ? )
> This may be retrieved from the security token in the SOAP header or
> Create parameter (administrative information) in case of this process
> is done by the proxy service.
> - Creation datetime of the AA instance (REQUIRED)
> - Change history information for the AA instance.
> The static description may be augmented by ACS in the resource property of
> the AA instance. It may depend on what it is for. We continue this
> discussion on the ml.
>
>* Schedule for drafting a specification
> We agreed on the proposed TOC with some modification and made assignment
> of some of the sections.
> The proposed schedule is an aggressive one and we may need adjustment
> depending on the progress.
> Action: Keisuke, to post the latest TOC with the name in charge on the ml.
> (Done on Aug 11 JST)
>
>* Updates (NAREG PSE)
> Keisuke posted NAREGI PSE diagram on Aug 3 JST, which confirms that there
> is not issues between our spec. and their design. No issues or questions
> were raised.
>
>* Wrap up, Next meeting
> We agreed that we will skip the call for next week.
> Date: Aug 24 Wed 20:00 EDT/Aug 25 Thu 9:00 JST
> Calling #: will be announced later
> NOTE: Next regular meeting will be skipped.
>
>
--
Michael Behrens
R2AD, LLC
(571) 594-3008 (cell) *new*
(703) 714-0442 (land)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.ogf.org/pipermail/acs-wg/attachments/20050901/f40786b6/attachment.htm
More information about the acs-wg
mailing list