[ogsa-authn-bof] Fwd: Examples of x.509 translation services and beyond-X.509 authentication work
Alan Sill
Alan.Sill at ttu.edu
Mon Jun 2 14:41:13 CDT 2008
Colleagues,
Lately there has been an increase in practical implementation
experiments for alternate forms of authentication that either
translate automatically to, or propose to form a substitute or
substitutes for, classic X.509 PKI in grid settings.
Among the examples of these of which I am aware are IGTF-accredited X.
509 services through the new Member Integrated Credential Services
(MICS) profile, for which examples are already in operation or
accredited with operation to begin soon, based on MyProxyCA or OpenCA
in association with institutional IdM systems; GridShib and related
Shibboleth-based translation systems (such as MyVOCS), the following
work via the Thebes collaboration documented at:
http://thebes.arc.georgetown.edu/
I give the link to Thebes here as an example of such work. The IGTF-
sponsored work that I mentioned above, as a separate topic, is also
available via MICS profile links at
http://gridpma.org
There has also been considerable discussion around the use of OpenID,
driven partly by increases in visibility of this technology in online
industry-based settings.
Whether or not you subscribe to the various assumptions and starting
points of the above efforts, I believe that work to put an OGSA
context into place for discussion of this work would not go amiss.
My own time to attend OGSA meetings has shrunk to near nothing, but I
encourage communication on the above issues and would like to call
your attention to this work. As a general comment, I believe that
small-scale web-based single-sign-on methods are relatively easy to
imagine, and certainly possible to implement, but that work leading
to *interoperable* grids of separate resources, and high-transaction-
capacity access to large-scale assets on production grids, will be
the most valuable in the long run.
Comments on this list or elsewhere to compare and contrast such work,
and to produce a summary of bridges to and extensions beyond X.509
authentication paradigms that can scale to very high volumes of usage
(10**6 jobs per day and beyond) with good security on an automated
basis are especially invited and would be useful. Please feel free
to contact me or to have discussions either on this list or off.
Please feel free to write your own opinions in a coherent form in
papers and web links on this topic, and to post such links here to
attract attention to your own thoughts and work.
I note also that there has been work on "high throughput computing"
within OGSA on which I am not qualified to comment, but might be
worth investigation.
Best wishes,
Alan Sill
Begin forwarded message:
> From: Arnie Miles <adm35 at georgetown.edu>
> Date: June 2, 2008 2:09:23 PM CDT
> To: thebes-l at georgetown.edu
> Subject: Notes and presentations posted to Thebes-l
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> All,
>
> The notes from the May 29th Thebes teleconference are posted,
> including
> action items. I've posted the OGSA Resources Selection Service
> specification along with an outline for those who do not want to read
> the entire thing. I've posted Chad's and my slides.
>
> The project needs one or more Java developers to start on the Resource
> Discovery Network. Volunteers should contact me directly.
>
> - --
> Arnie Miles
> Grid Middleware Architect
> Advanced Research Computing
> Adjunct Assistant Professor of Computer Science
> Georgetown University
> 3300 Whitehaven Street NW
> Washington, DC 20007
> 202.687.9379
> http://arc.georgetown.edu
Alan Sill, Ph.D
TIGRE Senior Scientist, High Performance Computing Center
Adjunct Professor of Physics
TTU
====================================================================
: Alan Sill, Texas Tech University Office: Admin 233, MS 4-1167 :
: e-mail: Alan.Sill at ttu.edu ph. 806-742-4350 fax 806-742-4358 :
====================================================================
More information about the ogsa-authn-bof
mailing list