[ogsa-wg] [caops-wg] Draft charter for OGSA-AuthN WG
Alan Sill
Alan.Sill at ttu.edu
Wed Oct 18 08:39:54 CDT 2006
Hi David,
Thanks for the note. I absolutely agree in principle with the
demarkation that you describe, and think that there is work for each
of these work groups in the respective technologies. Also, the need
for communication between the two groups on related issues is clear.
OGSA-AuthN should work on authentication-related technologies and a
road map for grid services in the context of the overall OGSA effort
in contact with CAOps, the IGTF, and informed by the previous BOFs in
this area.
Now that we have two announced area directors for the Security Area
within OGF, I hope to work with them to develop the charter in
official form, taking into account all input, with the hope and aim
to hit the ground running with a charter and activities for this work
group clearly thought out if possible in time for OGF 19.
Thank you very much for your input and for your work in OGSA-AuthZ
and related areas. All involved and with related opinions should
feel welcome to participate as appropriate in each of these groups,
and I look forward to the supervision of the Area Directors in
developing these and other work groups, research groups, and
operations groups as needed in the Security Area. I believe that one
clear positive development that will result from this process will be
a clear connection between CAOps, the IGTF, and other applicable
authentication technologies and the OGSA standards process.
I will be in touch with our new area directors to complete
development of the proposed OGSA-AuthN charter in official form. All
messages, public and private, on this topic including those with
technical content as well as those with guidance and opinions on
process are welcome.
Best wishes,
Alan
On Oct 18, 2006, at 4:48 AM, David Chadwick wrote:
> HI Alan
>
> I think your charter needs to add something along the following
> lines so that the demarcation between Authn and Authz is made clear
> at the outset (then there can be no turf wars in the future, heaven
> forbid :-).
>
> The focus of this WG is authentication. The focus of the WG-Authz
> group is authorisation. There may be some blurring of this
> distinction in the actual technologies that are used in
> deployments, for example, when a security token contains both a
> public key and attributes and can therefore be used for both
> authentication and authorisation purposes. Nevertheless, even is
> such cases, there are clearly separate procedures needed for
> validating a security token from an authentication perspective and
> an authorisation perspective. This WG will consider the former
> only, whilst the OGSA Authz WG will consider the latter only. In
> all cases the authentication validation procedures precede the
> authorisation validation procedures, and are a necessary precursor
> to the latter.
>
> regards
>
> David
>
> Alan Sill wrote:
>> Discussion among participants and potential participants has
>> indicated a desire to proceed directly to a launch of the OGSA-
>> AuthN working group rather than proceed through a BOF. Most
>> people who would participate or be affected have up to now been
>> involved in related efforts and would be able to come up to speed
>> fairly quickly in this effort.
>> Here are the elements of a charter, or potential charter, for
>> this group that I have identified:
>> 1) Review existing security profiles resulting from previous
>> efforts of the Security area and security design group from the
>> OGSA-WG effort
>> a) Compare them to existing technology and best practices in the
>> community and check for consistency of coverage
>> b) Document authentication profiles that may be missing or
>> incomplete
>> b) Review mature and maturing technologies likely to affect the
>> above best practices for grid services
>> 2) Provide an AuthN development roadmap to compare with the
>> overall OGSA roadmap
>> 3) Spawn any subgroups and/or suggest associated research groups
>> that may be necessary for consistent development in this area.
>> The charter can be developed from the above skeleton, and the
>> basics agreed to before the first session at OGF-19 in North
>> Carolina.
>> It is explicitly a part of the charter for this group to work in
>> a symmetrical manner with any OGSA-AuthZ work that may be needed
>> for consistency in grid services.
>> Comments welcome.
>> Alan
>> Alan Sill
>> TIGRE Senior Scientist
>> High Performance Computing Center
>> TTU
>> ====================================================================
>> : Alan Sill, Texas Tech University Office: Admin 233, MS 4-1167 :
>> : e-mail: Alan.Sill at ttu.edu ph. 806-742-4350 fax 806-742-4358 :
>> ====================================================================
>> --
>> caops-wg mailing list
>> caops-wg at ogf.org
>> http://www.ogf.org/mailman/listinfo/caops-wg
>
> --
>
> *****************************************************************
> David W. Chadwick, BSc PhD
> Professor of Information Systems Security
> The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
> Skype Name: davidwchadwick
> Tel: +44 1227 82 3221
> Fax +44 1227 762 811
> Mobile: +44 77 96 44 7184
> Email: D.W.Chadwick at kent.ac.uk
> Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
> Research Web site: http://sec.cs.kent.ac.uk
> Entrust key validation string: MLJ9-DU5T-HV8J
> PGP Key ID is 0xBC238DE5
>
> *****************************************************************
>
Alan Sill
TIGRE Senior Scientist
High Performance Computing Center
TTU
====================================================================
: Alan Sill, Texas Tech University Office: Admin 233, MS 4-1167 :
: e-mail: Alan.Sill at ttu.edu ph. 806-742-4350 fax 806-742-4358 :
====================================================================
More information about the ogsa-wg
mailing list