[ogsa-wg] "tactical-agreement" (#1321: Key-info discovery for encryption in message level security)

Frank Siebenlist franks at mcs.anl.gov
Wed Mar 30 12:03:10 CST 2005


#1321: Discovery of key-info for encryption in message level security
Service Group Profile/ EPR embedding


Use cases:

When a client wants to send any encrypted message to a service, it will 
have to know the key associated with that service.

When a client wants to make a policy decision whether or not it wants a 
certain service to serve its request, it has to know the service's key-info.


Considerations:

We have to assume that WS-I or some other organization will get its act 
together in the future to define a standardized profile for the 
embedding of the service's key-info in the EPR, and that that profile 
will then be supported by all vendors world-wide.

Unfortunately, we cannot expect this to happen on any time scale that 
can accommodate our upcoming releases and Grid deployments in the near 
future.

In order for our different implementations to talk to each other 
securely, we have to have agreements in place about where one party will 
put the key-info such that another party can find it.

So we need to have a solution in place "now", no matter what, and we 
have to be prepared to change that method to the standardized one once 
it becomes available. This means that we will have to implement this (at 
least) twice.

But note again that there is no alternative - we have to live with this.

It may be politically better, however, to use words like 
"tactical-agreement" instead of "standard" for whatever method we 
choose, in order to emphasize that we are committed to follow whatever 
comes out of WS-I and friends over time.
Hopefully that would make it easier for some of our partner vendors to 
work on a tactical-agreement without stepping on the toes of their 
colleagues who work on the concurrent WS-I efforts.



-- 
Frank Siebenlist franks at mcs.anl.gov
The Globus Alliance - Argonne National Laboratory




