[ogsa-authn-bof] OGSA-AuthN BoF notes
David Groep
davidg at nikhef.nl
Thu Feb 1 14:38:38 CST 2007
OGSA-AuthN BoF document and contributor slide
Immediate actions needed for OGSA-WG
• develop basic, short-term use cases (AG)
• develop profile to support these use cases in the next 3-6 months (AG)
no scope creep allowed for these actions, so as not to stall HPCP
Proposed work or documents
• refine use of reusable tokens over secure channels in OGSA context
(AS,BD;DS,NK)
• possible and probably based on WS-I, profiling for
identity needed for how to talk to a service, use cases
needed, including username/password over TLS, PKI, Krb.
• community practices document (AS): GFD.78, Unicore (DS),
GRIA (??)
• interfacing SAML to Grid (GridShib, ShibGrid, SHEBANG,
SLCS/SWITCH like) –
(NK, MJ, CW, VonW, TomS) – relate to the GridShib BoF
• develop richer use cases to drive AuthN work (HK) -> working doc,
no GFD track
• should be based on general OGSA use cases
Postponed items
• AuthN roadmap (AS,NK – postponed till use case inventory complete)
• including schedule when to complete specifications
• impersonation (postponed – 2-3yrs?)
• PROTOCOLs to convey this information, for PKI, SAML,
restricted rights &c
• to create a SSO environment
• or where man-in-the-middle is completely invisible
• in federated identity, the IdP is the entity; bearer credential
influences LoA
• active and/or ‘passive’ authentication profiles
• conveyance of LoA in AuthN in protocols, (depends on LoA-RG output;
need requirements first; -> postponed a bit)
• LoA consumption by services, identification of entities; do
we know the format?
--
David Groep
** National Institute for Nuclear and High Energy Physics, PDP/Grid group **
** Room: H1.56 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **