[OGSA-AUTHZ] Implementations
Valerio Venturi
valerio.venturi at cnaf.infn.it
Fri Mar 21 08:36:11 CDT 2008
Hi Tom,
sorry for the late answer, I've just got back to work.
The authorization problem is still unsorted. Currently the prototype
allows for specifying which subjects are allowed to query for other
subjects. Given that, the protocols is in place, this when we had the
demo in Boston Krzystof warn me of some flaws in my service that I
haven't been able to fix yet. AFAIHU UVOS authorization should be more
stable, but Krzystof can say more than me about this.
I have seen that an implementation for the SAML Attribute Query for
X.509 Subjects has made in as a Google Summer of Code 2008 project
mentored by Globus. Keep us informed about the thing and let us know if
you think that VOMS or UVOS implementations can somehow participate in
the demo.
Valerio
On Tue, 2008-03-04 at 08:39 -0500, Tom Scavo wrote:
> Valerio, can you provide an update on the implementation "in progress"
> below? How do you "authorize queries" in the case where the presenter
> is acting on behalf of the subject (or is this still an open
> question)?
>
> Thanks,
> Tom
>
> On Tue, Nov 27, 2007 at 4:26 AM, Valerio Venturi
> <valerio.venturi at cnaf.infn.it> wrote:
> >
> > On Fri, 2007-11-23 at 18:54 -0500, Tom Scavo wrote:
> > > Hi Valerio,
> > >
> > > On 11/20/07, Valerio Venturi <valerio.venturi at cnaf.infn.it> wrote:
> > > >
> > > > Profile being implemented: OGSA Attribute Exchange Profile
> > > > Organisation doing the implementation: INFN
> > > > Contact details: valerio.venturi at cnaf.infn.it
> > > > Short description: VOMS
> > >
> > > Are you implementing the SAML Attribute Query Deployment Profile for
> > > X.509 Subjects or SAML Attribute Self-Query Deployment Profile for
> > > X.509 Subjects (or both)?
> >
> > The Self-Query is already in place, and the other one is work in
> > progress (mainly how to authorize queries is under discussion).
> > Related to this, I think we should add conformance targets to the
> > profile, in the style of the OGSA Profile Defintion and WS-I Basic
> > Profile.
> > Do you think it would be useful?
> >
> > Valerio
> >
> >
More information about the ogsa-authz-wg
mailing list