[gin-auth] GIN AuthZ status summary
Dane Skow
skow at mcs.anl.gov
Sun May 7 03:22:49 CDT 2006
Dear Colleagues,
I'm sorry this mail is going out so late that some of you are already
in transit to GGF in Tokyo, but hopefully it will catch some able to
comment and/or think about this on their plane ride. Hopefully we can
use our time together to refine our initial plans and take stock of
what we've accomplished and what next should be done. In preparing a
summary of our activities since February, I came up with the
following short summary as a start. Comments/contributions welcomed
please !! Particularly on any additional items that have been
accomplished and/or items that need to be tackled.
Cheers,
Dane
******
An initial draft team consisting of Dane Skow, Lead (TeraGrid),
Stephen Pickles (UK NGS), Shinichi Mineo (NAREGI), Von Welch
(TeraGrid), Yoshio Tanaka (APGridPMA), Olle Mulmo (EGEE), and
Hiroyoshi Amo (NAREGI) in plan for deploying interoperable security
infrastructure for multi-grid services. This plan was presented at
the Athens GGF meeting in February and approved by acclaim.
Participating Grids have begun deploying these capabilities for early
users/resources.
The key points of the agreement are to use RFC 3820 compliant
proxies, extended by VOMS authorization attributes to transport
authorization data. The IGTF set of accredited CAs will be used as
the set of commonly recognized CAs. A survey of which CAs are
recognized by each participating grid has begun and is kept at
http://wiki.nesc.ac.uk/edit/gin-jobs?HomePage.
A GIN VOMS service has been set up by EGEE (Oscar Koeroo) as a
bootstrap tool to a) identify the subset of users from the various
Grids/VOs who are participating in the early phase of the
interoperation work, and b) have an easy method for gaining
experience/troubleshooting VOMS credentials.
Several areas have been identified as needing further
discussion/agreements. These include: how to recognize the appropriate
attribute authorities (e.g. VOMS) for each VO, naming conventions for
VOs to avoid collisions, and understanding how to interpret the various
AUPs cross-grid. All of these items have been tabled for the moment in
order to keep focus on the first immediate steps above needed to support
the activities of the other GIN groups.