[ogsa-wg] [caops-wg] Draft charter for OGSA-AuthN WG

David Chadwick d.w.chadwick at kent.ac.uk
Wed Oct 18 04:48:34 CDT 2006 

HI Alan

I think your charter needs to add something along the following lines so 
that the demarcation between Authn and Authz is made clear at the outset 
(then there can be no turf wars in the future, heaven forbid :-).

The focus of this WG is authentication. The focus of the WG-Authz group 
is authorisation. There may be some blurring of this distinction in the 
actual technologies that are used in deployments, for example, when a 
security token contains both a public key and attributes and can 
therefore be used for both authentication and authorisation purposes. 
Nevertheless, even is such cases, there are clearly separate procedures 
needed for validating a security token from an authentication 
perspective and an authorisation perspective. This WG will consider the 
former only, whilst the OGSA Authz WG will consider the latter only. In 
all cases the authentication validation procedures precede the 
authorisation validation procedures, and are a necessary precursor to 
the latter.

regards

David

Alan Sill wrote:
> Discussion among participants and potential participants has  
> indicated a desire to proceed directly to a launch of the OGSA-AuthN  
> working group rather than proceed through a BOF.  Most people who  
> would participate or be affected have up to now been involved in  
> related efforts and would be able to come up to speed fairly quickly  
> in this effort.
> 
> Here are the elements of a charter, or potential charter, for this  
> group that I have identified:
> 
> 1) Review existing security profiles resulting from previous efforts  
> of the Security area and security design group from the OGSA-WG effort
> 
> 	a) Compare them to existing technology and best practices in the  
> community and check for consistency of coverage
> 
> 	b) Document authentication profiles that may be missing or incomplete
> 
> 	b) Review mature and maturing technologies likely to affect the  
> above best practices for grid services
> 
> 2) Provide an AuthN development roadmap to compare with the overall  
> OGSA roadmap
> 
> 3) Spawn any subgroups and/or suggest associated research groups that  
> may be necessary for consistent development in this area.
> 
> The charter can be developed from the above skeleton, and the basics  
> agreed to before the first session at OGF-19 in North Carolina.
> 
> It is explicitly a part of the charter for this group to work in a  
> symmetrical manner with any OGSA-AuthZ work that may be needed for  
> consistency in grid services.
> 
> Comments welcome.
> 
> Alan
> 
> 
> Alan Sill
> TIGRE Senior Scientist
> High Performance Computing Center
> TTU
> 
> ====================================================================
> :  Alan Sill, Texas Tech University  Office: Admin 233, MS 4-1167  :
> :  e-mail: Alan.Sill at ttu.edu   ph. 806-742-4350  fax 806-742-4358  :
> ====================================================================
> 
> --
>   caops-wg mailing list
>   caops-wg at ogf.org
>   http://www.ogf.org/mailman/listinfo/caops-wg
> 

-- 

*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick at kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://sec.cs.kent.ac.uk
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5

*****************************************************************

More information about the ogsa-wg mailing list