[gin-auth] "notes" from GGF16 discussion
Dane Skow
skow at mcs.anl.gov
Fri Feb 24 11:17:28 CST 2006
I didn't ask anyone to take notes from the GGF16 discussion but
here's what I recall from the conversations. Anyone who took notes,
please correct any omissions/errors. We should try to capture our
responses to this as an update to our plan. I'm willing to take the
pen for that if there are no other volunteers.

Draft Plan: The plan was generally endorsed. There were some detailed
comments/conversations, but we were encouraged to move as fast as we
could to incorporate the decisions/clarifications from the discussion
and implement that plan.

Timeline: AAID (Authentication, Authorization, and IDentity
management) is fundamental to production progress in every other area
so we are encouraged to move as quickly as possible. Strong desire to
have as much as possible of our baseline plan functioning before 1
May (for the next meeting at GGF17 in Tokyo).

VOMS: Recommendation that we immediately stand up a VOMS service for
GIN early adopters so that we can identify the pathbreakers without
having to sort out the broad array of VOs first (though this is
needed not long after May).

AuthZ attributes: There was a plea to settle on a small set of
common capabilities on a resource that we could map attributes to.
Comment that if the VOs were not able to agree on a common small set
of needs, perhaps the resource providers can describe a small common
set of useful capability sets (e.g. normal user, admin, data
admin, ...) that could be implemented now as a starter.

AuthZ authorities: How are we going to identify these (securely)?
Is some sort of registry/namespace administration needed? Suggestion
is "yes" (and discussion has started here already).

Implications on Services: Question asked as to "what methods are
services expected to implement". My off-the-cuff answer was that
services which were directly participating in intergrid operations,
and wanted AuthN, etc., would be expected to implement these specific
methods. Other services would either be accessed through a translator
service or not intergrid.

TLS vs. Message security: Question asked as to why we were not
permitting message security for WS. Response was we don't propose to
ban it, but it's currently slow, not widely used, and being worked in
the OGSA base profile discussions.

UNICORE integration: Question raised as to what impact these choices
would have on integration with UNICORE grids. Response that there is
a translating function in use that should meet the needs. A UNICORE
expert from DEISA volunteered to join the team (I didn't catch the
name and person may already be on list).

Cheers,
Dane