[OGSA-AUTHZ] Re: GGF-14 Draft Notes

Thu Aug 18 13:33:46 CDT 2005

This minutes have been posted with the addition of mentioning that  
the GGF IP policy was mentioned.

https://forge.gridforum.org/projects/ogsa-authz/document/GGF-14-OGSA- 
Authz-Minutes/en/1

Von

On Jul 8, 2005, at 11:01 AM, Von Welch wrote:

>
> Appended are the combined notes from David Chadwick and myself. Please
> send any corrections in the next week and then I will post them.
>
> Thanks.
>
> Von
>
> --
>
> Preliminary Agenda
>
>  * Get note taker
>
>  * Working group changes - chairs, etc.
>
>  * Status of V1 documents: attributes, SAML
>
>  * Requirements for V2
>
>     1) Pass operation arguments to PDP to make decisions based on them
>     (XACML supports this)
>     2) Pass level of authentication to PDP to make decisions based on
>     strength of authentication
>     (SAMLv2 supports this)
>     3) Return obligations to PEP
>     (XACML supports this)
>     4) ANY MORE???
>
>  * Next steps
>
> ----
>
> Von opened the meeting. Agenda was agreed.  Changes in WG chairs:
> Andrew and Rebekah have resigned. Von thanked Rebekah and Andrew for
> co-chairing the meeting up to now and welcomed David Chadwick to the
> new co-chair post. Von said he would be stepping down as soon as V1
> docs are finished and a new co-chair had volunteered. See Von or David
> if you are interested.
>
> Agenda Bashing: No major changes
>
> Status of V1 documents:
>
>  Attribute document is in hands of GGF Editor, only one known issue
>  from Tom Scavo re section 4.2
>
>  SAML document will be at end of WG last call at end of week. One
>  known issue from Mary Thompson re SAML 2.0 advancement.
>
> David gave a presentation about authorisation architectures in a
> multi-domain environment (see slide show on Gridforge site). It
> considered which components are needed and how the target Source of
> Authority can control everything.
>
> Frank gave a similar presentation but from a different viewpoint. This
> considered asking remote domains (AAs) if they could help in the
> credential validation.
>
>
> Dane and Dave Berry both raised particular scenarios (push and VO
> manager respectively)
>
> Von suggested we need to pick a set of scenarios to constrain the
> problem space.
>
> Frank Siebenlist gave a overview of the Grid Authorization problem
>
> Dane raised the issue that if we have a bunch of security services
> with one network round-trip latency to each, we have a major
> performance problem
>
> Frank: services can be local
>
> Von: specification of local services makes them less technology
> agnostic. We may need to decide how agnostic we want to be.
>
> Final agenda item: Charter Revisions
>
> There was then a discussion about the contents of the revised
> Charter. Von displayed the existing charter.
>
> First two paragraphs of existing charter are OK for the revised
> WG. The third paragraph, which talks about a two phased approach,
> needs to be edited, since we are now in phase 2.
>
> Add ?it will be an authorisation architecture group for OGSA even
> though its output will be aimed at a wider audience than simply OGSA,
> it will encompass the requirements of OGSA.?
>
> Agreed to keep with the OGSA-Authz name for the group.
>
> Output documents
> i.    Scenario document. We will provide authorisation for these  
> scenarios. The scenarios can be part of the Architecture document.
> ii.    Version 2 of the PEP-PDP protocol document.
> iii.    Version 1 of the PEP-CVS protocol.
>
>