[caops-wg] Draft minutes from CAOPS Session on 16.10

David Chadwick d.w.chadwick at kent.ac.uk
Mon Oct 22 04:43:34 CDT 2007 

Hi Christos

I actually did send the X.501 substree specification to the list whilst 
the meeting was still active, so the notes should reflect that I did 
this during the meeting, rather than saying that I still have to do it 
after the meeting

regards

David


Christos Kanellopoulos wrote:
> Dear all,
> 
>   Find below a draft version of the minutes from the CAOPS session on 
> 16.10.2007. Please review them and send any comment to the list. On 
> Wednesday 23.10.2007 I will upload it on GridForge.
> 
> -C.
> 
> CAOPS Session OGF 21 16.10.2007
> -------------------------------------
> 
> Note Takers: Licia Florio, Christos Kanellopoulos
> 
> -------------------------------------
> 
> 
> David Groep: Grid Certificate Profile
> .....................................
> 
> x The document has finished the public comment period as of October 8.
> 
> A1: David Groep to send email to the CAOPS mailing list with answers to 
> the comments
> A2: Christos Kanellopoulos to test IE7 with CA certificate that has been 
> reissued
> A3: By Nov 6 a new version of the document should be available that will 
> address all the comments. There is going to be one week afterwards for 
> group comments and then it will be pushed to the editor's queue.
> 
> 
> 
> Yoshio Tanaka: Audit Document
> ..............................
> 
> x New version of the document was uploaded to GridForge
> 
> - Christos Kanellopoulos: The document should provide a generic 
> framework for performing audits on Grid IdPs. We should remove any 
> statements on the preferred answers for each question in the document
> - Mike Helm: This look very much like the spreadsheet that is being used 
> within TAGPMA for CA accreditation.
> 
> A4: Mike Helm to send the spreadsheet template at the CAOPS mailing lists
> A5: By end of November a new version of the document should be ready. 
> Christos Kanellopoulos to help with the editing.
> 
> 
> David Groep: Name Constraints
> ..............................
> 
> x Still waiting for the replies from the people at OGF 20 CAOPS session
> x The implementation details will be stripped off from the document and 
> it will be focused on the requirements for providing namespace 
> constraints at the policy lave.
> 
> - David Chadwick: What we want to achieve with this document can be 
> found in the initial X.509 specs that got completely twisted around '97. 
> This is expected to be changed in the new versions of the X.509 document
> - David Chadwick: Wild-card matching, as it is expressed in the 
> document, did not exist in the X.500 specs. Subtree matching was part of 
> the specs though
> - David Groep: We've added wild-card matching exactly to perform subtree 
> matching
> 
> A6: David Chadwick to send details at the CAOPS mailing list
> A7: David Groep to update the document with reference to the documents 
> that David Chadwick will (if and where necessary)
> 
> - Rachana Ananthakrishna: Globus will implement Namespace policies 
> within 2008 Q1. Going to use the current policy language
> - David Groep: suggested that Globus eliminates the 1024 char limitation.
> 
> A8: New version of the document by late December
> 
> Mike Helm: OCSP Requirements for Grids
> ......................................
> 
> x The document was derailed from its initial scope during its 
> development in the past two years.
> x We should revisit the document focusing on the Trusted Responder concept.
> x There is a lot of useful information within the document that could be 
> used in future documents.
> x There is some work done in IETF that supersedes the document. However 
> it is worth to look at Trusted Responder. Seems like the current trend 
> is to use CRLs or short-lived certificates.
> 
> - Mike Helm: Users seem to be happy with the current CRL solution. Even 
> when they face problems, they prefer to (over) engineer around them.
> - Rachana Ananthakrishna: In order for Globus to start working on an 
> implementation, they need to have specific requirements from the users
> 
> A9: Mike Helm: New draft document by early January
> 
> 
> ------------------------------------------------------------------------
> 
> --
>   caops-wg mailing list
>   caops-wg at ogf.org
>   http://www.ogf.org/mailman/listinfo/caops-wg

-- 

*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick at kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5

*****************************************************************

More information about the caops-wg mailing list