[OGSA-AUTHZ] GGF 16 Notes: Feb 13, 2006 (draft)

Von Welch vwelch at ncsa.uiuc.edu
Mon Feb 13 10:46:28 CST 2006


David - please send your slides to the list.
All- Send comments or corrections to notes by Feb 24th, 2006.

Note taker: Von Welch

David Chadwick reminded participants of GGF IP policy and circulated  
sign-up sheet.

Agenda:
1. Charter bashing
2. Document progress
3. Credential validation service
4. Discussion of issues

Document progress:
	Attributes used in OGSI Authorization is GFD 59
	Use of SAML for OGSI Authorization is in Final Editor Review
		https://forge.gridforum.org/tracker/index.php?aid=1612
	OGSI Authorization Requirements
		https://forge.gridforum.org/tracker/index.php?aid=1613
	VOMS Attribute documents
		Just sent

Charter progress:
	David reviewed charter that he had previously sent to email list.
	http://www-unix.gridforum.org/mail_archive/ogsa-authz/2006/01/msg00015.html
	David pointed out the first point of the new charter is to identify  
the requirements, and we are looking for representatives from key Grid  
projects.
	
	Limitations of current SAML protocol:
		OSG/Privilege - found they needed obligation
		Sinnot/NESC - found they needed fine-grained authorization for  
large databases.

	Olle mentioned the possible need for definition namespaces and  
namespaces for VOMS attributes.

	Yuri: we are attempting to connect our AAA authorization system to  
GT authorization framework. Different model from PEP/PDP. Can't see  
how GT authorization framework matches conceptual PDP/PEP model. Want  
GT authorization developers to write document explaining their model.

  	Yuri: another issue - attribute management. Some attributes need  
context.

	David C.: That is in current SAML document, it's called environment.

	Yuri: Is different. Context of request is different than environment.

	David C.: Two points to consider for charter:
	* Implementors document how their implementations fit model. Can't  
make this a requirement since we can't force implementors to write,  
but should have as desired outcome.
	* Context vs environment.

Credential Validation Service:
	See David's slides.

	Key point was "authentic" vs "valid" credentials.

Nate Klingenstein (I2): Forwarding attributes to home organization vs  
Liberty Alliance account linking.

Meeting adjourned.






