[OGSA-AUTHZ] OGSA-Authz-WG draft meeting minutes: OGF Jan 29 session

Von Welch vwelch at ncsa.uiuc.edu
Mon Jan 29 11:25:38 CST 2007


Draft notes from today's OGSA-Authz WG meeting. Please send  
corrections or additions. In particular there were protocols referred
to at a couple of points that need exact identification, which are  
marked with "XXX".

Von

----

* Preamble
David brought meeting to order
Circulated OGF IP sign-in sheet
Von volunteers to scribe

* Telecon Update

Decision: Once every two months, we will take one of the OGSA-WG  
phone call slots to report to the larger community. Next date will be  
March 8th.

Decision: Telecon dates
  February 13th
  March 7th
  April 3rd
  April 23rd

* Functional Components Doc
Latest version is Oct 24th version
Outstanding issue: implications of carrying attributes and  
credentials within the same protocol or within different protocols  
[XXX pointer?]
Outstanding issue: Id vs URL issue raised by Tom Scavo [XXX pointer?]
Doc should then be ready for WG final call and progression to AD

* Protocol Doc Updates
Described 3 protocols
1) PEP-Context Handler: no profile proposed. Maybe the same as  
protocol #3 if credential equivalent to attributes.
2) Context Handler-CVS: WS-Trust profile, to be written.
3) Context Handler-PDP: proposal XACML request/response protocol  
proposed [Question raised regarding exactly which protocol is being  
referred to here. Concerns from Nate that this has been deprecated.  
XXX pointer?]

* Takuyi Mori presentation on NAREGI Authz Service and NAREGI XACML  
profile
Slides will be sent to the email list
SAML 2.0 and XACML 2.0 based
Uses GT authz framework
Profile between Authz service client (in GT4) and Authz CVS
Handles VOMS AC's and passes to Authz service
Presented mapping of attributes from X.509 EEC/VOMS AC into XACML
Resource Attribute Filtering Mechanism (RAFM) - Reference properties,
XACML profile has Subject, Resource and Action attributes

* VOMS profile
Discussed on Oct 16 telecon - minutes on list
Meaning of the primary type must be explicit rather than implicit (as  
currently done via sequence)
Awaiting response from VOMS group

* Attribute Retrieval Protocol
Added at last meeting
OASIS profile for SAML - Tom Scavo author

* Von Welch resignation as WG chair
Those who are interested in replacing Von should send email to David

* Other business
Tom Scavo: Do we need mechanism to bind SAML to X.509 (equivalent to  
VOMS)?
David: 2005 X.509 has specification for binding XML to X.509, but  
doesn't specify XML content
Tom Scavo to investigate how these relate.
David: VOMS may be moving to a SAML in some way, need to understand  
this.



