[gin-auth] "notes" from GGF16 discussion

Dane Skow skow at mcs.anl.gov
Fri Feb 24 11:17:28 CST 2006


I didn't ask anyone to take notes from the GGF16 discussion but  
here's what I recall from the conversations. Anyone who took notes,  
please correct any omissions/errors. We should try to capture our  
responses to this as an update to our plan. I'm willing to take the  
pen for that if there are no other volunteers.

Draft Plan:  The plan was generally endorsed. There were some detailed  
comments/conversations, but we were encouraged to move as fast as we  
could to incorporate the decisions/clarifications from the discussion  
and implement that plan.

Timeline:   AAID (Authentication, Authorization, and IDentity  
management) is fundamental to production progress in every other area  
so we are encouraged to move as quickly as possible. Strong desire to  
have as much as possible of our baseline plan functioning before 1  
May (for the next meeting at GGF17 in Tokyo).

VOMS:  Recommendation that we immediately stand up a VOMS service for  
GIN early adopters so that we can identify the pathbreakers without  
having to sort out the broad array of VOs first (though this is  
needed not long after May).

AuthZ attributes:  There was a plea to settle on a small set of  
common capabilities on a resource that we could map attributes to.  
Comment that if the VOs were not able to agree on a common small set  
of needs, perhaps the resource providers can describe a small common  
set of useful capability sets (e.g. normal user, admin, data  
admin, ...) that could be implemented now as a starter.

AuthZ authorities:  How are we going to identify these (securely)?  
Is some sort of registry/namespace administration needed? Suggestion  
is "yes" (and discussion has started here already).

Implications on Services:  Question asked as to "what methods are  
services expected to implement". My off-the-cuff answer was that  
services which were directly participating in intergrid operations,  
and wanted AuthN, etc, would be expected to implement these specific  
methods. Other services would either be accessed through a translator  
service or not intergrid.

TLS vs. Message security:  Question asked as to why we were not  
permitting message security for WS. Response was we don't propose to  
ban it, but it's currently slow, not widely used, and being worked in  
the OGSA base profile discussions.

UNICORE integration:  Question raised as to what impact these choices  
would have on integration with UNICORE grids. Response that there is  
a translating function in use that should meet the needs. A UNICORE  
expert from DEISA volunteered to join the team (I didn't catch the  
name and person may already be on list).

Cheers,
Dane