[ogsa-authn-bof] Fwd: Examples of x.509 translation services and beyond-X.509 authentication work

[Alan Sill]

Colleagues,

Lately there has been an increase in practical implementation  
experiments for alternate forms of authentication that either  
translate automatically to, or propose to form a substitute or  
substitutes for, classic X.509 PKI in grid settings.

Among the examples of these of which I am aware are IGTF-accredited X. 
509 services through the new Member Integrated Credential Services  
(MICS) profile, for which examples are already in operation or  
accredited with operation to begin soon, based on MyProxyCA or OpenCA  
in association with institutional IdM systems; GridShib and related  
Shibboleth-based translation systems (such as MyVOCS), the following  
work via the Thebes collaboration documented at:

http://thebes.arc.georgetown.edu/

I give the link to Thebes here as an example of such work.  The IGTF- 
sponsored work that I mentioned above, as a separate topic, is also  
available via MICS profile links at

http://gridpma.org

There has also been considerable discussion around the use of OpenID,  
driven partly by increases in visibility of this technology in online  
industry-based settings.

Whether or not you subscribe to the various assumptions and starting  
points of the above efforts, I believe that work to put an OGSA  
context into place for discussion of this work would not go amiss.   
My own time to attend OGSA meetings has shrunk to near nothing, but I  
encourage communication on the above issues and would like to call  
your attention to this work.  As a general comment, I believe that  
small-scale web-based single-sign-on methods are relatively easy to  
imagine, and certainly possible to implement, but that work leading  
to *interoperable* grids of separate resources, and high-transaction- 
capacity access to large-scale assets on production grids, will be  
the most valuable in the long run.

Comments on this list or elsewhere to compare and contrast such work,  
and to produce a summary of bridges to and extensions beyond X.509  
authentication paradigms that can scale to very high volumes of usage  
(10**6 jobs per day and beyond) with good security on an automated  
basis are especially invited and would be useful.  Please feel free  
to contact me or to have discussions either on this list or off.   
Please feel free to write your own opinions in a coherent form in  
papers and web links on this topic, and to post such links here to  
attract attention to your own thoughts and work.

I note also that there has been work on "high throughput computing"  
within OGSA on which I am not qualified to comment, but might be  
worth investigation.

Best wishes,
Alan Sill

Begin forwarded message:

> From: Arnie Miles <adm35 at georgetown.edu>
> Date: June 2, 2008 2:09:23 PM CDT
> To: thebes-l at georgetown.edu
> Subject: Notes and presentations posted to Thebes-l
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> All,
>
> The notes from the May 29th Thebes teleconference are posted,  
> including
> action items. I've posted the OGSA Resources Selection Service
> specification along with an outline for those who do not want to read
> the entire thing. I've posted Chad's and my slides.
>
> The project needs one or more Java developers to start on the Resource
> Discovery Network. Volunteers should contact me directly.
>
> - --
> Arnie Miles
> Grid Middleware Architect
> Advanced Research Computing
> Adjunct Assistant Professor of Computer Science
> Georgetown University
> 3300 Whitehaven Street NW
> Washington, DC  20007
> 202.687.9379
> http://arc.georgetown.edu


Alan Sill, Ph.D
TIGRE Senior Scientist, High Performance Computing Center
Adjunct Professor of Physics
TTU

====================================================================
:  Alan Sill, Texas Tech University  Office: Admin 233, MS 4-1167  :
:  e-mail: Alan.Sill at ttu.edu   ph. 806-742-4350  fax 806-742-4358  :
====================================================================