[OGSA-AUTHZ] OGSA-AuthN-WG charter effort: the Seven Questions

[Alan Sill]

Dear colleagues,

Apologies if you are getting these messages more than once due to  
cross-posting.  Once the OGSA-AuthN work group is set up, it will  
have its own mailing list to which you will be able to subscribe if  
it is of interest, so that symptom will disappear soon.

As a reminder, here are the answers that were presented to the OGSA- 
WG in response to the standard "seven questions" asked as part of the  
process of setting up a new group.  Comments with respect to the  
authentication direction to be pursued by this group are welcome and  
recruited.  Anything specific to the Birds-of-a-Feather session we  
are organizing on this topic for OGF-19 in North Carolina at the end  
of January is also welcome; we hope this will be a productive work  
group and BoF session.

Alan

Begin forwarded message:

> From: Alan Sill <Alan.Sill at ttu.edu>
> Date: October 26, 2006 9:24:27 AM CDT
> To: Hiro Kishimoto <hiro.kishimoto at jp.fujitsu.com>
> Cc: Alan Sill <Alan.Sill at ttu.edu>, ogsa-wg WG <ogsa-wg at ggf.org>,  
> David Groep <davidg at nikhef.nl>, Blair Dillaway <blaird at microsoft.com>
> Subject: OGSA-AuthN-WG charter effort: the Seven Questions
>
>
> On Oct 23, 2006, at 9:29 PM, Hiro Kishimoto wrote:
>
>> The Seven Questions
>>
>> 1. Is the scope of the proposed group sufficiently focused?
>
> The scope of the proposed group is strictly limited to  
> authentication technologies for use within grid services  
> architectures.  As such, I believe it is sufficiently focused,  
> although the relation to corresponding activities in authorization  
> and in the activities of other work groups is important and clear.
>
>> 2. Are the topics that the group plans to address clear and  
>> relevant for
>> the Grid research, development, industrial, implementation, and/or
>> application user community?
>
> Authentication is a key security step in any chain of grid services  
> usage.  Up to now, most grid applications have either used no  
> security (for testing purposes), a limited and often self-signed  
> configuration again mostly for testing purposes, or have had to  
> rely on pure deployment of X.509 technology infrastructures.  Some  
> extensive community practice has grown up in the academic  
> community, especially with regard to deployment at and between the  
> large-scale national laboratories and universities on an  
> international basis, and siloed implementations exist within  
> industry, as well as some federal non-laboratory organizations.  It  
> is a goal of this work group to document current practice and to  
> extend the standards basis for development of AuthN technologies  
> within all of the above communities.  Another significant output  
> will be recommendations for future work in this area, taking into  
> account all relevant technological development in this area.   
> Interoperability will also be an important factor, of course.
>
>> 3. Will the formation of the group foster (consensus–based) work that
>> would not be done otherwise?
>
> Yes.  Several conversations on related technologies have sprung up  
> naturally within segments of the affected communities, as described  
> above.  The existence of an OGSA AuthN work group would allow  
> concentration and coordination of these conversations and  
> recommendations in a context that is explicitly connected to the  
> overall OGSA standards effort.
>
>> 4. Do the group’s activities overlap inappropriately with those of
>> another OGF group or to a group active in another organization  
>> such as
>> IETF or W3C? Has the relationship, if any, to the Open Grid Services
>> Architecture (OGSA) been determined?
>
> There is no other effort exclusively devoted to this task within  
> OGSA.  Polling of the membership of other groups active in the  
> authentication and authorization areas has resulted in strong  
> support for the  idea of a specific OGSA effort.  Groups that have  
> been polled include the following:
>
> CA-Ops: Within the current OGF structure, this group is defined as  
> an operations group responsible for Certificate Authority standards  
> and participation.  It is the parent body (in a historical sense)  
> of the IGTF described below.
>
> International Grid Trust Federation (IGTF): an independent body  
> comprised of three regional policy management authorities (PMAs)  
> with membership consisting of grid certificate authority providers  
> and (in some cases) relying parties with an interest in the  
> operational policies and procedures of the CA providers.  The  
> primary mechanism of operation of the IGTF is through the  
> development and common accreditation of CAs against specific,  
> detailed CP/CPS statements within the context of Authentication  
> Profiles (APs); APs exist for "classic PKI" deployments as well as  
> short-lived credential and experimental services.  Within the  
> context of the IGTF PMA charters, interest has been growing in  
> improving the variety and accessibility of grid authentication  
> methods while retaining the ability to work with existing grid  
> deployments with high security.
>
> OGSA-AuthZ: This group is focused on authorization technologies.  A  
> variety of useful documents has been successfully produced through  
> various incarnations of this group to date.  Its membership is  
> supportive of a corresponding OGSA-AuthN effort.
>
> Shibboleth for Grids BoF: This BoF was held at GGF-18 and its  
> activities are documented at the URL http://grid.ncsa.uiuc.edu/ 
> events/ggf18-shib-bof/ for reference.  Although focused primarily  
> on authorization, Shibboleth technologies are consumers of  
> authentication information and a great deal of activity is being  
> devoted to understanding the interaction between Shibboleth and the  
> needs of grids.  The participants in the BoF mailing list are  
> strongly supportive of an OGSA-AuthN effort.
>
>> 5. Are there sufficient interest and expertise in the group’s topic,
>> with at least several people willing to expend the effort that is  
>> likely
>> to produce significant results over time?
>
> Yes.  A significant short-term effort should be exerted to identify  
> authors of the proposed documents and a co-chair in the near future.
>
>> 6. Does a base of interested consumers (e.g., application developers,
>> Grid system implementers, industry partners, end-users) appear to  
>> exist
>> for the planned work?
>
> Yes.  The BoF planned for the next OGF meeting should provide  
> opportunities for organization of work in this area.
>
>> 7. Does the OGF have a reasonable role to play in the  
>> determination of
>> the technology?
>
> Yes, as described above.  One specific output of the group that  
> would be made possible by the OGF will be production of an OGF  
> document with recommended standards for OGSA-AUthN.
>
> Respectfully submitted,

Alan Sill, Ph.D
TIGRE Senior Scientist, High Performance Computing Center
Adjunct Professor of Physics
TTU

====================================================================
:  Alan Sill, Texas Tech University  Office: Admin 233, MS 4-1167  :
:  e-mail: Alan.Sill at ttu.edu   ph. 806-742-4350  fax 806-742-4358  :
====================================================================