[ogsa-wg] Fwd: [caops-wg] OGSA activity to cover authentication and identity provision roadmap

Alan Sill Alan.Sill at ttu.edu
Thu Oct 5 09:19:17 CDT 2006


FYI -- this is typical of responses.

Alan

Begin forwarded message:

> From: David Groep <davidg at nikhef.nl>
> Date: October 5, 2006 6:54:42 AM CDT
> To: Alan Sill <Alan.Sill at ttu.edu>
> Cc: igtf-general at gridpma.org, Mailing List for CAOPS-WG <caops-wg at ogf.org>,
>  gsmv at webapp.lab.ac.uab.edu, gridshib-beta at globus.org
> Subject: Re: [caops-wg] OGSA activity to cover authentication and identity provision roadmap
>
> Dear Alan, all,
>
> First of all, I would like to support this proposal, as it could indeed
> provide the focal point for harmonisation amongst the various
> activities in this area that have emerged both inside and those
> (still) outside OGF. Over the past year I feel we have come quite close
> to a kind of "common understanding" of what the issues are, and drafting
> a collective roadmap is IMHO a very timely activity.
>
> Of course, I can happily offer a timeslot during the upcoming EUGridPMA
> meeting to discuss this (of course also completely open to the world and
> community at large: join this part of the meeting via VRVS in
> the "Sky" virtual room, "Earth/Universe" community: www.vrvs.org).
> If the current planning is not optimal (this Friday, Oct 6,
> 11.00 AM CEST=UTC+2), it can also be delayed a few hours.
>
> As I see it, the BoF for this new WG could also address some issues
> I feel we currently have with the CAOPS charter and position with
> respect to other activities in OGF (both with CAOPS being seen as an
> "operations" activity, but even more importantly the possible conception
> that CAOPS is only about the operation of "traditional" X.509 CAs).
> In this respect, I would be highly interested in how others in CAOPS
> see the relationship between CAOPS and such a new group.
> Personally, I think also the IGTF as an operational policy coordination
> body, should have close relationships with both groups, especially
> as they are expanding into new authentication profile models.
>
> There is, however, also an increasing overlap between the activities in
> AuthN and AuthZ. The new federations of organisationally-based
> sources of authority supply attributes and assertions that are
> relevant for both: some attributes relate to what we have
> traditionally seen as authentication (unique names, their long-term
> binding to entities, and the way to prove identity), but others
> by the same source relate more to authorisation (roles, position in
> the organisation &c).
> In the long run there may be not that clear a division between the
> two, especially when multiple sources of authority are involved in
> a combined decision. But this combination of assertions, possibly
> with different assurance levels, and with different levels from
> different sources, will highlight the need to convey such assurance
> levels, and their recognition in policy decisions, in harmonised
> formats and semantics.
> Will the AuthN roadmap address such issues - which I
> think it certainly should - when these assertions relate to
> long-term "AuthN" attributes? Even if the actual assertions are
> more related to what we might now consider "AuthZ" (such as
> organisational role/position)? But that's probably something for
> the BoF to figure out (given sufficient participation from
> the OGSA-AuthZ folks).
>
> Lastly, I think we should advertise this BoF and our intentions
> widely, as there are very many related activities in this area,
> also outside OGF. In particular (with a slight European bias) there
> are the TERENA TF-EMC2 and TF-Mobility groups that to some extent
> rely on or aim for coordination in this domain; there is the
> eduGAIN activity (organised as part of the GEANT2 project); and
> the EuroCAMP meetings on federation (the next one in two weeks in
> Malaga, ES) are all highly relevant to this work. Many of
> our combined groups will attend at least a few of these meetings,
> and -- if we all agree OGSA-AuthN is a good idea -- should take the
> opportunity to get all relevant people around the table at OGF19.
>
>
> 	Best regards,
> 	DavidG.
>
>
> Alan Sill wrote:
>> I'd like to suggest to the CAOps and Grid CA community that we
>> attempt to pull together thoughts on grid identity authentication
>> in terms of a roadmap and/or BOF among interested parties,
>> focusing primarily on the AuthN side. This would be a complement
>> to the OGSA-AuthZ activity, which we could clearly call OGSA-AuthN.
>>
>> I realize that we need another working group like, well, a whack
>> on the head, but I have thought about this one a lot and I think
>> that the OGSA process would bring a lot of rationalization to
>> the activities and effort that we are pursuing more or less
>> piecemeal in the search for a workable solution. Among things
>> that we could gain by having such an effort, we could include:
>>
>> - Clear separation from OGSA-AuthZ while still allowing a strong
>>   channel for communication
>> - Bringing together several different working groups who are all
>>   working on identity provision (as opposed to authorization) for grids
>> - Providing for better communication between the OGSA roadmap and
>>   CAOps practices
>> - Providing a context for working groups, such as the Bridge CA
>>   and Shibboleth activities, to communicate their findings
>> - Placing OGSA-AuthN and OGSA-AuthZ on a similar footing
>>
>> To follow through on this, I would like to have a brief discussion
>> in the IGTF portion of the upcoming EUGridPMA meeting, followed
>> by a similar discussion at the TAGPMA November face-to-face, and
>> of course encourage similar discussion at the APGridPMA meeting
>> this fall. Any decision to follow this path should be discussed
>> with the incoming area directors of the Security area within the
>> Open Grid Forum, along with specific details about the charter.
>> To make this happen, we could form a BOF to be held at the next
>> OGF conference in North Carolina in January, along the lines of
>> the recent "Shibboleth for Grids" one that we held at GGF 18,
>> with an aim to take on this topic as a roadmap activity directly.
>>
>> Thoughts are extremely welcome and recruited. As a point of
>> background information, I have been discussing this idea among
>> the members of the overall OGSA-WG working group, and have found
>> many useful suggestions and an open reception to this idea. The
>> topic of a BOF as discussed above has been strongly encouraged.
>>
>> Best,
>> Alan
>> Alan Sill
>> TIGRE Senior Scientist
>> High Performance Computing Center
>> TTU
>> ====================================================================
>> :  Alan Sill, Texas Tech University  Office: Admin 233, MS 4-1167  :
>> :  e-mail: Alan.Sill at ttu.edu   ph. 806-742-4350  fax 806-742-4358  :
>> ====================================================================
>> --
>>   caops-wg mailing list
>>   caops-wg at ogf.org
>>   http://www.ogf.org/mailman/listinfo/caops-wg
>
>
> -- 
> David Groep
>
> ** National Institute for Nuclear and High Energy Physics, PDP/Grid group **
> ** Room: H1.56 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **
>
>

Alan Sill
TIGRE Senior Scientist
High Performance Computing Center
TTU

====================================================================
:  Alan Sill, Texas Tech University  Office: Admin 233, MS 4-1167  :
:  e-mail: Alan.Sill at ttu.edu   ph. 806-742-4350  fax 806-742-4358  :
====================================================================


