[OGSA-AUTHZ] Fwd: OGSA-AuthN-WG charter effort: URL and the Seven Questions

Alan Sill Alan.Sill at ttu.edu
Thu Oct 26 09:44:38 CDT 2006


Comments and input, volunteers for documents and co-conveners welcome.

BoF will be at OGF-19.  See also

http://www.ggf.org/gf/group_info/charter.php?review&group=OGSA-AuthN-WG

Again, comments welcome.

Best,
Alan

Begin forwarded message:

> From: Alan Sill <Alan.Sill at ttu.edu>
> Date: October 26, 2006 9:24:27 AM CDT
> To: Hiro Kishimoto <hiro.kishimoto at jp.fujitsu.com>
> Cc: Alan Sill <Alan.Sill at ttu.edu>, ogsa-wg WG <ogsa-wg at ggf.org>,  
> David Groep <davidg at nikhef.nl>, Blair Dillaway <blaird at microsoft.com>
> Subject: OGSA-AuthN-WG charter effort: the Seven Questions
>
>
> On Oct 23, 2006, at 9:29 PM, Hiro Kishimoto wrote:
>
>> The Seven Questions
>>
>> 1. Is the scope of the proposed group sufficiently focused?
>
> The scope of the proposed group is strictly limited to  
> authentication technologies for use within grid services  
> architectures.  As such, I believe it is sufficiently focused,  
> although the relation to corresponding activities in authorization  
> and in the activities of other work groups is important and clear.
>
>> 2. Are the topics that the group plans to address clear and relevant for
>> the Grid research, development, industrial, implementation, and/or
>> application user community?
>
> Authentication is a key security step in any chain of grid services  
> usage.  Up to now, most grid applications have either used no  
> security (for testing purposes), a limited and often self-signed  
> configuration again mostly for testing purposes, or have had to  
> rely on pure deployment of X.509 technology infrastructures.  Some  
> extensive community practice has grown up in the academic  
> community, especially with regard to deployment at and between the  
> large-scale national laboratories and universities on an  
> international basis, and siloed implementations exist within  
> industry, as well as some federal non-laboratory organizations.  It  
> is a goal of this work group to document current practice and to  
> extend the standards basis for development of AuthN technologies  
> within all of the above communities.  Another significant output  
> will be recommendations for future work in this area, taking into  
> account all relevant technological development in this area.   
> Interoperability will also be an important factor, of course.
>
>> 3. Will the formation of the group foster (consensus–based) work that
>> would not be done otherwise?
>
> Yes.  Several conversations on related technologies have sprung up  
> naturally within segments of the affected communities, as described  
> above.  The existence of an OGSA AuthN work group would allow  
> concentration and coordination of these conversations and  
> recommendations in a context that is explicitly connected to the  
> overall OGSA standards effort.
>
>> 4. Do the group’s activities overlap inappropriately with those of
>> another OGF group or to a group active in another organization such as
>> IETF or W3C? Has the relationship, if any, to the Open Grid Services
>> Architecture (OGSA) been determined?
>
> There is no other effort exclusively devoted to this task within  
> OGSA.  Polling of the membership of other groups active in the  
> authentication and authorization areas has resulted in strong  
> support for the idea of a specific OGSA effort.  Groups that have  
> been polled include the following:
>
> CA-Ops: Within the current OGF structure, this group is defined as  
> an operations group responsible for Certificate Authority standards  
> and participation.  It is the parent body (in a historical sense)  
> of the IGTF described below.
>
> International Grid Trust Federation (IGTF): an independent body  
> comprised of three regional policy management authorities (PMAs)  
> with membership consisting of grid certificate authority providers  
> and (in some cases) relying parties with an interest in the  
> operational policies and procedures of the CA providers.  The  
> primary mechanism of operation of the IGTF is through the  
> development and common accreditation of CAs against specific,  
> detailed CP/CPS statements within the context of Authentication  
> Profiles (APs); APs exist for "classic PKI" deployments as well as  
> short-lived credential and experimental services.  Within the  
> context of the IGTF PMA charters, interest has been growing in  
> improving the variety and accessibility of grid authentication  
> methods while retaining the ability to work with existing grid  
> deployments with high security.
>
> OGSA-AuthZ: This group is focused on authorization technologies.  A  
> variety of useful documents has been successfully produced through  
> various incarnations of this group to date.  Its membership is  
> supportive of a corresponding OGSA-AuthN effort.
>
> Shibboleth for Grids BoF: This BoF was held at GGF-18 and its  
> activities are documented at the URL  
> http://grid.ncsa.uiuc.edu/events/ggf18-shib-bof/ for reference.  
> Although focused primarily  
> on authorization, Shibboleth technologies are consumers of  
> authentication information and a great deal of activity is being  
> devoted to understanding the interaction between Shibboleth and the  
> needs of grids.  The participants in the BoF mailing list are  
> strongly supportive of an OGSA-AuthN effort.
>
>> 5. Are there sufficient interest and expertise in the group’s topic,
>> with at least several people willing to expend the effort that is likely
>> to produce significant results over time?
>
> Yes.  A significant short-term effort should be exerted to identify  
> authors of the proposed documents and a co-chair in the near future.
>
>> 6. Does a base of interested consumers (e.g., application developers,
>> Grid system implementers, industry partners, end-users) appear to exist
>> for the planned work?
>
> Yes.  The BoF planned for the next OGF meeting should provide  
> opportunities for organization of work in this area.
>
>> 7. Does the OGF have a reasonable role to play in the determination of
>> the technology?
>
> Yes, as described above.  One specific output of the group that  
> would be made possible by the OGF will be production of an OGF  
> document with recommended standards for OGSA-AuthN.
>
> Respectfully submitted,
>
> Alan Sill
> TIGRE Senior Scientist
> High Performance Computing Center
> TTU
>
> ====================================================================
> :  Alan Sill, Texas Tech University  Office: Admin 233, MS 4-1167  :
> :  e-mail: Alan.Sill at ttu.edu   ph. 806-742-4350  fax 806-742-4358  :
> ====================================================================
>
