[gin-auth] VO naming

Wed Mar 1 09:48:15 CST 2006

Hi all,

Next week I'll be giving a short 0,75 hour presentation on this topic at 
the Middleware Security group meeting @ CERN.
The focus is to inform people about this topic in short and simple terms 
to create a focussed discussion.

Ofcourse some speech needs to be applied to the slides but it should 
leverage the common idea.

I think we are still open for new input and also in the focus of making 
a (short term) decision afterwards concidering the 'N' in GIN.

Penny for your thoughts?

      Oscar

Catlett Charlie wrote:

> A TLD  would  take some time to sell (and might not be achievable).
>
> But  <something>.<existing_TLD> is certainly easy.
>
> GGF owns ggf.net by the way, but it's not used.
>
> One could also imagine something like <gridname>.ggf.net ?
>
> CeC
>
>
> On Feb 24, 2006, at 8:48 AM, Dane Skow wrote:
>
>>
>> It's not the first time a .grid TLD idea has come up. I don't know  
>> what is involved in creating one. I'm sure it's not trivial, but  
>> none of the country codes or .org/.com/.biz really fit.
>>
>> As of 2 minutes ago, I now own the grid.name domain so we might use  
>> that one. It doesn't have well established connotations (though I  
>> believe the intendition is for it to be used for individuals'  
>> names). It has a nice naming ring. Something to consider.
>>
>> I fully agree that "good enough" beats "better but not quite  
>> available/robust" !
>>
>> (Note, I changed the mailing list over to the new gin-auth one.  
>> Let's stop using mgi.)
>>
>> Dane
>>
>> On Feb 24, 2006, at 12:47 AM, <Rhys.Francis at csiro.au> wrote:
>>
>>> Hi
>>>
>>> Well that's interesting because the issue I raised concerned the fact
>>> that VO names weren't fully qualified names in any global sense,  so 
>>> once
>>> we recognise other people's CA's and then VOMS servers, partial
>>> qualification would no longer work.
>>>
>>> Afterwards I wondered if we should just use dns to qualify names, and
>>> then I wondered if we could get a .grid domain (and if not perhaps
>>> .grid.net domain).  We could let Dane run it :), then he can create a
>>> subdomain for each grid then we can call our VO servers and our VOs,
>>> whatever we like, if our software fully qualifies a right with the
>>> domain name of the server and its list of VO, groups and subgoups in
>>> which the right is defined.
>>>
>>> I am not an expert on dns and domain name spoofing so I don't know  
>>> if it
>>> is a good or a bad idea.
>>>
>>> The problem of the ontologies used by VO servers and hence the
>>> identifiers used to denote rights seems hard, especially as the  rights
>>> are enacted by gateway services (not by the VO server), so a  common 
>>> way
>>> of specification for gateway actions is required if we are to  agree 
>>> on a
>>> set of common rights.  I think this means we need the smallest  
>>> possible
>>> set of the simplest possible rights to start with.
>>>
>>> Rhys
>>>
>>> 0417 376 476
>>> 03 9669 8135
>>>
>>>
>>>
>>>
>>> -----Original Message-----
>>> From: owner-mgi-auth at ggf.org [mailto:owner-mgi-auth at ggf.org] On  Behalf
>>> Of Olle Mulmo
>>> Sent: Thursday, 23 February 2006 10:18 PM
>>> To: mgi-auth at ggf.org
>>> Subject: [mgi-auth] FYI: VO naming
>>>
>>>
>>>
>>> The issue of VO names came up at the GGF sessions last week. This is
>>> just an FYI to let people know that EGEE has taken the approach of
>>> DNS-alike, hierarchical names. ("Alike" in the sense that an actual
>>> DNS entry is not required, but that it should be a reasonable
>>> confidence that no name space clashes will occur.)
>>>
>>> Unfortunately, this naming convention has not been enforced to date.
>>>
>>> /O
>>>
>>> PS. Shouldn't this mailing list get renamed?
>>>
>>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: MWSG-mrt-7-8-2006-VOMS-Naming.ppt
Type: application/vnd.ms-powerpoint
Size: 644096 bytes
Desc: not available
Url : http://www.ogf.org/pipermail/gin-auth/attachments/20060301/c607ed18/attachment.ppt 