[ogsa-authn-bof] OGSA-AuthN BoF notes

David Groep davidg at nikhef.nl
Thu Feb 1 14:38:38 CST 2007


OGSA-AuthN BoF document and contributor slide

Immediate actions needed for OGSA-WG
•	develop basic, short-term use cases (AG)
•	develop profile to support these use cases in the next 3-6 months (AG)
no scope creep allowed for these actions, so as not to stall HPCP

Proposed work or documents
•	refine use of reusable tokens over secure channels in OGSA context
	(AS,BD;DS,NK)
	•	possible and probably based on WS-I, profiling for
		identity needed for how to talk to a service, use cases
		needed, including username/password over TLS, PKI, Krb.
	•	community practices document (AS): GFD.78, Unicore (DS),
		GRIA (??)
•	interfacing SAML to Grid (GridShib, ShibGrid, SHEBANG,
	SLCS/SWITCH like) –
	(NK, MJ, CW, VonW, TomS) – relate to the GridShib BoF
•	develop richer use cases to drive AuthN work (HK) -> working doc,
	no GFD track
	•	should be based on general OGSA use cases

Postponed items
•	AuthN roadmap (AS,NK – postponed till use case inventory complete)
	•	including schedule when to complete specifications
•	impersonation (postponed – 2-3yrs?)
	•	PROTOCOLs to convey this information, for PKI, SAML,
		restricted rights &c
	•	to create a SSO environment
	•	or where man-in-the-middle is completely invisible
	•	in federated identity, the IdP is the entity; bearer credential
		influences LoA
	•	active and/or ‘passive’ authentication profiles
•	conveyance of LoA in AuthN in protocols, (depends on LoA-RG output;
	need requirements first; -> postponed a bit)
	•	LoA consumption by services, identification of entities; do
		we know the format?




-- 
David Groep

** National Institute for Nuclear and High Energy Physics, PDP/Grid group **
** Room: H1.56 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **


