[gin-auth] GIN AuthZ status summary

Dane Skow skow at mcs.anl.gov
Sun May 7 03:22:49 CDT 2006


Dear Colleagues,

I'm sorry this mail is going out so late that some of you are already  
in transit to GGF in Tokyo, but hopefully it will catch some able to  
comment and/or think about this on their plane ride. Hopefully we can  
use our time together to refine our initial plans and take stock of  
what we've accomplished and what next should be done. In preparing a  
summary of our activities since February, I came up with the  
following short summary as a start. Comments/contributions welcomed  
please !! Particularly on any additional items that have been  
accomplished and/or items that need to be tackled.

Cheers,
Dane

******

An initial draft team consisting of Dane Skow, Lead (TeraGrid),  
Stephen Pickles (UK NGS), Shinichi Mineo (NAREGI), Von Welch  
(TeraGrid), Yoshio Tanaka (APGridPMA), Olle Mulmo (EGEE),  and  
Hiroyoshi Amo (NAREGI) in plan for deploying interoperable security  
infrastructure for multi-grid services. This plan was presented at  
the Athens GGF meeting in February and approved by acclaim.  
Participating Grids have begun deploying these capabilities for early  
users/resources.

The key points of the agreement are to use RFC 3820 compliant  
proxies, extended by VOMS authorization attributes to transport  
authorization data. The IGTF set of accredited CAs will be used as  
the set of commonly recognized CAs. A survey of which CAs are  
recognized by each participating grid has begun and is kept at
http://wiki.nesc.ac.uk/edit/gin-jobs?HomePage.

A GIN VOMS service has been set up by EGEE (Oscar Koeroo) as a
bootstrap tool to a) identify the subset of users from the various
Grids/VOs who are participating in the early phase of the
interoperation work, and b) have an easy method for gaining
experience/troubleshooting VOMS credentials.

Several areas have been identified as needing further
discussion/agreements. These include: how to recognize the appropriate
attribute authorities (e.g. VOMS) for each VO, naming conventions for
VOs to avoid collisions, understand how to interpret the various AUPs
cross-grid. All of these items have been tabled for the moment in order to
keep focus on the first immediate steps above needed to support the  
activities of the other GIN groups.




