[Fedsec-cg] XACML profiles
Jens Jensen
j.jensen.ral at googlemail.com
Tue Sep 23 11:13:43 EDT 2014
Hi Mischa,
Thanks for your mail. The GFD.205 document should be the basis for
authorisation interoperation but if more stuff is needed, a revision or a
supplementary document could be the way to do it. For extensions to the
profile, perhaps a supplementary document. GFD.205 was formally at home in
FEDSEC, but hopefully public comments would have come from all the OGF
"community" . For now I suggest gathering the any new stuff you propose and
then we can see how to amend or otherwise document that.
As regards your SAML profile for execution environments, I would suggest
starting with what you need and then later we could try to identify what is
common - and what is different - compared to other similar profiles. For
example, in EUDAT we are experimenting with SAML profiles - well, *cough*
we did some work back in March for ISGC2014 - but the idea is to have a
federation-level management of authorisation, so all the different
communities are managed in a consistent way across the federation, even if
their source of authorisation comes from different AAs. This profile would
also need user identities, and hostnames or at least site identities (as
not all sites support all communities), so it would be interesting to look
for overlaps as well. Of course we should not try to force overlaps where
none is needed.
I would suggest outlining documents with requirements and thoughts for now,
and then circulate to fedsec and other Usual Suspects, and we can then see
if we can identify common areas with related work - and if we want to. In
the worst case you will have a sort of writeup already which you could turn
into an OGF document. But my thinking is that if we can identify some
common ground, which we could usefully try to do in OGF, then that would be
interesting, might increase the opportunity for interoperation or reduce
the work required somewhere.
Cheers
--jens
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.ogf.org/pipermail/fedsec-cg/attachments/20140923/e7662684/attachment.html>
More information about the Fedsec-cg
mailing list