[fi-rg] Security and related activities at OGF24: an overview

Mihai Cristea M.L.Cristea at uva.nl
Fri Aug 29 04:52:50 CDT 2008



Dear Ralph and Inder,

I would like to know how I can contribute to the FI-RG work, as I showed
you at OGF23 an alternative solution for Grid firewalling using tokens.

I should mention that I will not attend OGF24, but I am willing to work with
you in this field, especially to propose and define specific issues of
TokenBased Firewall in the upcoming standardization efforts.

Kind regards,
Mihai


> -----Original Message-----
> From: fi-rg-bounces at ogf.org [mailto:fi-rg-bounces at ogf.org] On Behalf Of
> David Groep
> Sent: 29 August 2008 11:02
> To: security-area at ogf.org; Mailing List for CAOPS-WG; loa-bof at ogf.org;
> ogsa-authz-wg at ogf.org; Firewall Issues RG; Morris Riedel; Erwin Laure
> Subject: [fi-rg] Security and related activities at OGF24: an overview
> 
> OGF24: Bustling with Security Activities
> 
> In a mere few weeks OGF24 will be held in Singapore. A compact
> meeting, it is packed with quite a few interesting security and
> related sessions. If you did not plan to come, maybe these still
> entice you to travel to Singapore:
> 
> 
> A jointly coordinated session with GIN will focus on how to restrict
> delegation. In the GIN grid deployments restricting what somebody (or
> a process) can do is gaining prominence, and how to design such
> restrictions when delegating credentials (both when using proxies and
> in a SAML context) is something the GIN group wants to know. On one hand
> this of course includes the syntax and technical mechanisms, and
> based on current standards and developments this might be addressed
> in the short term. But how to interpret such restrictions in a common
> way? If a policy is defined to restrict access to a service or
> service method, will the implementations of such a service react in a
> similar way? This session should lead the way for a new working (or
> research?) group to address these topics.
> 
> Also at OGF24, the OGSA-AuthZ WG will be discussing the feedback
> received on the "Functional Components of Grid Service Provider
> Authorisation Service Middleware" document, which has completed its
> public comment on August 28th, and the "Use of XACML Request Context
> to Obtain an Authorisation Decision" (completed PC on Aug 13), and
> review the ongoing comments of the remaining proposed
> recommendations:
> - Use of SAML to retrieve Authorization Credentials
> - WS-TRUST and SAML to Access a Credential Validation Service
> This suite of four documents provides a complete view on the
> internals of authorization, and your contributions are welcome to
> ensure that the documents reflect your needs.
> 
> As a follow-up to the Firewall Issues RG, a new working group
> "Firewall Virtualization for Grid Applications" has been started to
> standardize a set of service definitions for a virtualized control
> interface into firewalls and other mid-boxes allowing the grid
> applications to securely and dynamically request
> application/workflow-specific services from those devices, for the
> duration of the service.
> 
> The CA Operations WG, jointly with the IGTF, organises a full-day
> workshop focussing on a wide range of authentication and identity
> management issues. On the technical side these include the definition
> of signing namespace constraints by relying parties, guidelines for
> auditing CAs, authentication service profiles, and the profile
> defining trust in higher-level CAs. More on the policy side, issues
> such as risk assessment and incident response in the IGTF community,
> and the management of revocation will be discussed. The Levels of
> Authentication Assurance (LoA) RG merged with CAOPS in OGF23, with
> the document "A Gap Analysis of Current LoA Definitions vs. LoA
> Requirements in e-Science/Grid Context" available for discussion.
> 
> For the operational security side: have a look at the BoF on
> Intrusion detection in Grid Computing for security issues in grid
> computing networks and proposed the possible solutions using
> Intrusion detection/prevention systems.
> 
> 
> Lastly, you have probably realised that the vacant spot left by Blair
> Dillaway as security AD (whose term ended in March) has still not
> been filled. To remedy this very unfortunate situation, please think
> hard about who you consider to be a suitable candidate (and that may
> be yourself!), and contact the OGF NOMCOM or the chair Neil Chue Hong
> directly. See http://www.ogf.org/nomcom/ for details about the NOMCOM
> process and for an application form. A healthy security area and the
> security activities in OGF merit a full complement of security ADs to
> ensure continuity past 2009!
> 
> 
> I hope to see many of you in Singapore.
> 
>        Best Regards, David Groep.
> 
> 
> --
> David Groep
> 
> ** Nikhef, Dutch National Institute for Sub-atomic Physics, PDP/Grid group **
> ** Room: H1.56 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **
> 