[dcifp-bof] Fwd: DCI Federation authentication and authorization

Alexander Papaspyrou alexander.papaspyrou at tu-dortmund.de
Tue Aug 17 07:47:31 CDT 2010 

Folks,

Gary has provided me with bits and bytes to chew on regarding security, and since Craig and Alan raised this topic in their mails, I'd like to forward this to the list and open the discussion.

Best,
Alexander

Anfang der weitergeleiteten E-Mail:

> Von: Gary Mazz <garymazzaferro at gmail.com>
> Datum: 25. Juni 2010 17:18:10 MESZ
> An: Alexander Papaspyrou <alexander.papaspyrou at tu-dortmund.de>
> Betreff: DCI Federation authentication and authorization 
> 
> Hi Alex,
> 
> In the protocol, authentication and authorization will need consideration. There are a few well known, standardized protocols for authentication, but authorization is not as robust. The authorization model determines the capabilities a user engages at an authenticated endpoint. There are multiple models for authentication, how DCI interfaces and integrates with these systems may warrant consideration.
> 
> Although these references are out of scope for DCI protocol, they show some different approaches for authorization. I picked these as a model for 2 reasons, they have formalized ontologies, they are role based RBAC which has been accepted by NIST, or role based adopted by grids. One in the long term looks very exciting, is the UCON-L (layered) version of the UCON family which has seen adoption by some grids. 
> There are other models including Liberty Alliance and XAML, however, they are at a lower level which authorization schemes are mapped in to.
> 
> cheers,
> gary
> 
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Thuraisingham-slides.pdf
Type: application/pdf
Size: 1297211 bytes
Desc: not available
Url : http://www.ogf.org/pipermail/dcifp-bof/attachments/20100817/641fe261/attachment-0004.pdf 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: IEEE-Policy-2007-Bhavani.ppt
Type: application/vnd.ms-powerpoint
Size: 1321984 bytes
Desc: not available
Url : http://www.ogf.org/pipermail/dcifp-bof/attachments/20100817/641fe261/attachment-0001.ppt 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: esorics07.pdf
Type: application/pdf
Size: 221073 bytes
Desc: not available
Url : http://www.ogf.org/pipermail/dcifp-bof/attachments/20100817/641fe261/attachment-0005.pdf 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: rowlbac.pdf
Type: application/pdf
Size: 209807 bytes
Desc: not available
Url : http://www.ogf.org/pipermail/dcifp-bof/attachments/20100817/641fe261/attachment-0006.pdf 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: FS07-06-022.pdf
Type: application/pdf
Size: 121440 bytes
Desc: not available
Url : http://www.ogf.org/pipermail/dcifp-bof/attachments/20100817/641fe261/attachment-0007.pdf 
-------------- next part --------------

-- 
Alexander Papaspyrou
alexander.papaspyrou at tu-dortmund.de

-------------- next part --------------
A non-text attachment was scrubbed...
Name: Alexander Papaspyrou.vcf
Type: text/directory
Size: 498 bytes
Desc: not available
Url : http://www.ogf.org/pipermail/dcifp-bof/attachments/20100817/641fe261/attachment-0002.bin 
-------------- next part --------------

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4678 bytes
Desc: not available
Url : http://www.ogf.org/pipermail/dcifp-bof/attachments/20100817/641fe261/attachment-0003.bin

More information about the dcifp-bof mailing list