[OGSA-AUTHZ] GGF-14 Draft Notes

Fri Jul 8 11:01:42 CDT 2005

Appended are the combined notes from David Chadwick and myself. Please
send any corrections in the next week and then I will post them.

Thanks.

Von

--

Preliminary Agenda

 * Get note taker

 * Working group changes - chairs, etc.

 * Status of V1 documents: attributes, SAML

 * Requirements for V2

	1) Pass operation arguments to PDP to make decisions based on them
	(XACML supports this) 
	2) Pass level of authentication to PDP to make decisions based on 
	strength of authentication
	(SAMLv2 supports this)
	3) Return obligations to PEP
	(XACML supports this)
	4) ANY MORE???

 * Next steps

----

Von opened the meeting. Agenda was agreed.  Changes in WG chairs:
Andrew and Rebekah have resigned. Von thanked Rebekah and Andrew for
co-chairing the meeting up to now and welcomed David Chadwick to the
new co-chair post. Von said he would be stepping down as soon as V1
docs are finished and a new co-chair had volunteered. See Von or David
if you are interested.

Agenda Bashing: No major changes

Status of V1 documents:

 Attribute document is in hands of GGF Editor, only one known issue
 from Tom Scavo re section 4.2

 SAML document will be at end of WG last call at end of week. One
 known issue from Mary Thompson re SAML 2.0 advancement.

David gave a presentation about authorisation architectures in a
multi-domain environment (see slide show on Gridforge site). It
considered which components are needed and how the target Source of
Authority can control everything.

Frank gave a similar presentation but from a different viewpoint. This
considered asking remote domains (AAs) if they could help in the
credential validation.

Dane and Dave Berry both raised particular scenarios (push and VO
manager respectively)

Von suggested we need to pick a set of scenarios to constrain the
problem space.

Frank Siebenlist gave a overview of the Grid Authorization problem

Dane raised the issue that if we have a bunch of security services
with one network round-trip latency to each, we have a major
performance problem

Frank: services can be local

Von: specification of local services makes them less technology
agnostic. We may need to decide how agnostic we want to be.

Final agenda item: Charter Revisions

There was then a discussion about the contents of the revised
Charter. Von displayed the existing charter.

First two paragraphs of existing charter are OK for the revised
WG. The third paragraph, which talks about a two phased approach,
needs to be edited, since we are now in phase 2.

Add ?it will be an authorisation architecture group for OGSA even
though its output will be aimed at a wider audience than simply OGSA,
it will encompass the requirements of OGSA.?

Agreed to keep with the OGSA-Authz name for the group. 

Output documents
i.	Scenario document. We will provide authorisation for these scenarios. The scenarios can be part of the Architecture document. 
ii.	Version 2 of the PEP-PDP protocol document.
iii.	Version 1 of the PEP-CVS protocol.