[Fedsec-cg] XACML profiles

Mischa Salle msalle at nikhef.nl
Tue Sep 23 10:45:03 EDT 2014


Hi Jens, others,

Brian and I are having discussions about extensions to the XACML
interoperability profile
http://www.ogf.org/documents/GFD.205.pdf (or
https://redmine.ogf.org/dmsf/fedsec-cg?folder_id=6535).
How should we go about this? We're currently still discussing possible
ways of adapting, but ultimately it should lead to a new standard we
both want to adopt. If I understood correctly, GFD.205 was mostly guided
within the fedsec group.

Secondly, together with John White, I hope to write an XACML profile
aimed at provisioning and managing virtual machines.
Some background: we -- Nikhef -- have developed an XACML-talking
'Execution Environment Service' that can run as backend to the EMI Argus
service [1]. It typically runs one or more plugins to do the hard work,
and John White has been developing an OpenStack plugin which should be
able to boot up VMs with proper authorization. In order for this to all
work, we need to develop a new profile for passing information around,
such as user identities, VM hostnames etc., new action and resource
attributes and ways to encapsulate the authorization policies. As far as
I know, this is pretty much uncharted territory. Again, what would be
the best way to start with this?

    Cheers,
    Mischa

[1] Design of the Execution Environment Service https://edms.cern.ch/document/1018216/1


-- 
Nikhef                      Room  H155
Science Park 105            Tel.  +31-20-592 5102
1098 XG Amsterdam           Fax   +31-20-592 5155
The Netherlands             Email msalle at nikhef.nl
  __ .. ... _._. .... ._  ... ._ ._.. ._.. .._..