[OGSA-AUTHZ] Fwd: OGSA-AuthN-WG charter effort: URL and the Seven Questions
Alan Sill
Alan.Sill at ttu.edu
Thu Oct 26 09:44:38 CDT 2006
Comments and input, volunteers for documents and co-conveners welcome.
BoF will be at OGF-19. See also
http://www.ggf.org/gf/group_info/charter.php?review&group=OGSA-AuthN-WG
Again, comments welcome.
Best,
Alan
Begin forwarded message:
> From: Alan Sill <Alan.Sill at ttu.edu>
> Date: October 26, 2006 9:24:27 AM CDT
> To: Hiro Kishimoto <hiro.kishimoto at jp.fujitsu.com>
> Cc: Alan Sill <Alan.Sill at ttu.edu>, ogsa-wg WG <ogsa-wg at ggf.org>,
> David Groep <davidg at nikhef.nl>, Blair Dillaway <blaird at microsoft.com>
> Subject: OGSA-AuthN-WG charter effort: the Seven Questions
>
>
> On Oct 23, 2006, at 9:29 PM, Hiro Kishimoto wrote:
>
>> The Seven Questions
>>
>> 1. Is the scope of the proposed group sufficiently focused?
>
> The scope of the proposed group is strictly limited to
> authentication technologies for use within grid services
> architectures. As such, I believe it is sufficiently focused,
> although the relation to corresponding activities in authorization
> and in the activities of other work groups is important and clear.
>
>> 2. Are the topics that the group plans to address clear and
>> relevant for
>> the Grid research, development, industrial, implementation, and/or
>> application user community?
>
> Authentication is a key security step in any chain of grid services
> usage. Up to now, most grid applications have either used no
> security (for testing purposes), a limited and often self-signed
> configuration again mostly for testing purposes, or have had to
> rely on pure deployment of X.509 technology infrastructures. Some
> extensive community practice has grown up in the academic
> community, especially with regard to deployment at and between the
> large-scale national laboratories and universities on an
> international basis, and siloed implementations exist within
> industry, as well as some federal non-laboratory organizations. It
> is a goal of this work group to document current practice and to
> extend the standards basis for development of AuthN technologies
> within all of the above communities. Another significant output
> will be recommendations for future work in this area, taking into
> account all relevant technological development in this area.
> Interoperability will also be an important factor, of course.
>
>> 3. Will the formation of the group foster (consensus–based) work that
>> would not be done otherwise?
>
> Yes. Several conversations on related technologies have sprung up
> naturally within segments of the affected communities, as described
> above. The existence of an OGSA AuthN work group would allow
> concentration and coordination of these conversations and
> recommendations in a context that is explicitly connected to the
> overall OGSA standards effort.
>
>> 4. Do the group’s activities overlap inappropriately with those of
>> another OGF group or to a group active in another organization
>> such as
>> IETF or W3C? Has the relationship, if any, to the Open Grid Services
>> Architecture (OGSA) been determined?
>
> There is no other effort exclusively devoted to this task within
> OGSA. Polling of the membership of other groups active in the
> authentication and authorization areas has resulted in strong
> support for the idea of a specific OGSA effort. Groups that have
> been polled include the following:
>
> CA-Ops: Within the current OGF structure, this group is defined as
> an operations group responsible for Certificate Authority standards
> and participation. It is the parent body (in a historical sense)
> of the IGTF described below.
>
> International Grid Trust Federation (IGTF): an independent body
> comprised of three regional policy management authorities (PMAs)
> with membership consisting of grid certificate authority providers
> and (in some cases) relying parties with an interest in the
> operational policies and procedures of the CA providers. The
> primary mechanism of operation of the IGTF is through the
> development and common accreditation of CAs against specific,
> detailed CP/CPS statements within the context of Authentication
> Profiles (APs); APs exist for "classic PKI" deployments as well as
> short-lived credential and experimental services. Within the
> context of the IGTF PMA charters, interest has been growing in
> improving the variety and accessibility of grid authentication
> methods while retaining the ability to work with existing grid
> deployments with high security.
>
> OGSA-AuthZ: This group is focused on authorization technologies. A
> variety of useful documents has been successfully produced through
> various incarnations of this group to date. Its membership is
> supportive of a corresponding OGSA-AuthN effort.
>
> Shibboleth for Grids BoF: This BoF was held at GGF-18 and its
> activities are documented at the URL http://grid.ncsa.uiuc.edu/
> events/ggf18-shib-bof/ for reference. Although focused primarily
> on authorization, Shibboleth technologies are consumers of
> authentication information and a great deal of activity is being
> devoted to understanding the interaction between Shibboleth and the
> needs of grids. The participants in the BoF mailing list are
> strongly supportive of an OGSA-AuthN effort.
>
>> 5. Are there sufficient interest and expertise in the group’s topic,
>> with at least several people willing to expend the effort that is
>> likely
>> to produce significant results over time?
>
> Yes. A significant short-term effort should be exerted to identify
> authors of the proposed documents and a co-chair in the near future.
>
>> 6. Does a base of interested consumers (e.g., application developers,
>> Grid system implementers, industry partners, end-users) appear to
>> exist
>> for the planned work?
>
> Yes. The BoF planned for the next OGF meeting should provide
> opportunities for organization of work in this area.
>
>> 7. Does the OGF have a reasonable role to play in the
>> determination of
>> the technology?
>
> Yes, as described above. One specific output of the group that
> would be made possible by the OGF will be production of an OGF
> document with recommended standards for OGSA-AUthN.
>
> Respectfully submitted,
>
> Alan Sill
> TIGRE Senior Scientist
> High Performance Computing Center
> TTU
>
> ====================================================================
> : Alan Sill, Texas Tech University Office: Admin 233, MS 4-1167 :
> : e-mail: Alan.Sill at ttu.edu ph. 806-742-4350 fax 806-742-4358 :
> ====================================================================
>
Alan Sill
TIGRE Senior Scientist
High Performance Computing Center
TTU
====================================================================
: Alan Sill, Texas Tech University Office: Admin 233, MS 4-1167 :
: e-mail: Alan.Sill at ttu.edu ph. 806-742-4350 fax 806-742-4358 :
====================================================================
More information about the ogsa-authz-wg
mailing list