[caops-wg] Draft minutes from CAOPS Session on 16.10
Christos Kanellopoulos
skanct at grid.auth.gr
Sun Oct 21 09:42:29 CDT 2007
Dear all,
Find below a draft version of the minutes from the CAOPS session
on 16.10.2007. Please review them and send any comment to the list.
On Wednesday 23.10.2007 I will upload it on GridForge.
-C.
CAOPS Session OGF 21 16.10.2007
-------------------------------------
Note Takers: Licia Florio, Christos Kanellopoulos
-------------------------------------
David Groep: Grid Certificate Profile
.....................................
x The document has finished the public comment period as of October 8.
A1: David Groep to send email to the CAOPS mailing list with answers
to the comments
A2: Christos Kanellopoulos to test IE7 with CA certificate that has
been reissued
A3: By Nov 6 a new version of the document should be available that
will address all the comments. There is going to be one week
afterwards for group comments and then it will be pushed to the
editor's queue.
Yoshio Tanaka: Audit Document
..............................
x New version of the document was uploaded to GridForge
- Christos Kanellopoulos: The document should provide a generic
framework for performing audits on Grid IdPs. We should remove any
statements on the preferred answers for each question in the document
- Mike Helm: This look very much like the spreadsheet that is being
used within TAGPMA for CA accreditation.
A4: Mike Helm to send the spreadsheet template at the CAOPS mailing
lists
A5: By end of November a new version of the document should be ready.
Christos Kanellopoulos to help with the editing.
David Groep: Name Constraints
..............................
x Still waiting for the replies from the people at OGF 20 CAOPS session
x The implementation details will be stripped off from the document
and it will be focused on the requirements for providing namespace
constraints at the policy lave.
- David Chadwick: What we want to achieve with this document can be
found in the initial X.509 specs that got completely twisted around
'97. This is expected to be changed in the new versions of the X.509
document
- David Chadwick: Wild-card matching, as it is expressed in the
document, did not exist in the X.500 specs. Subtree matching was part
of the specs though
- David Groep: We've added wild-card matching exactly to perform
subtree matching
A6: David Chadwick to send details at the CAOPS mailing list
A7: David Groep to update the document with reference to the
documents that David Chadwick will (if and where necessary)
- Rachana Ananthakrishna: Globus will implement Namespace policies
within 2008 Q1. Going to use the current policy language
- David Groep: suggested that Globus eliminates the 1024 char
limitation.
A8: New version of the document by late December
Mike Helm: OCSP Requirements for Grids
......................................
x The document was derailed from its initial scope during its
development in the past two years.
x We should revisit the document focusing on the Trusted Responder
concept.
x There is a lot of useful information within the document that could
be used in future documents.
x There is some work done in IETF that supersedes the document.
However it is worth to look at Trusted Responder. Seems like the
current trend is to use CRLs or short-lived certificates.
- Mike Helm: Users seem to be happy with the current CRL solution.
Even when they face problems, they prefer to (over) engineer around
them.
- Rachana Ananthakrishna: In order for Globus to start working on an
implementation, they need to have specific requirements from the users
A9: Mike Helm: New draft document by early January
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3088 bytes
Desc: not available
Url : http://www.ogf.org/pipermail/caops-wg/attachments/20071021/250cb57c/attachment.bin
More information about the caops-wg
mailing list