[ogsa-wg] [caops-wg] Draft charter for OGSA-AuthN WG

Alan Sill Alan.Sill at ttu.edu
Wed Oct 18 08:39:54 CDT 2006 

Hi David,

Thanks for the note.  I absolutely agree in principle with the  
demarkation that you describe, and think that there is work for each  
of these work groups in the respective technologies.  Also, the need  
for communication between the two groups on related issues is clear.   
OGSA-AuthN should work on authentication-related technologies and a  
road map for grid services in the context of the overall OGSA effort  
in contact with CAOps, the IGTF, and informed by the previous BOFs in  
this area.

Now that we have two announced area directors for the Security Area  
within OGF, I hope to work with them to develop the charter in  
official form, taking into account all input, with the hope and aim  
to hit the ground running with a charter and activities for this work  
group clearly thought out if possible in time for OGF 19.

Thank you very much for your input and for your work in OGSA-AuthZ  
and related areas.  All involved and with related opinions should  
feel welcome to participate as appropriate in each of these groups,  
and I look forward to the supervision of the Area Directors in  
developing these and other work groups, research groups, and  
operations groups as needed in the Security Area.  I believe that one  
clear positive development that will result from this process will be  
a clear connection between CAOps, the IGTF, and other applicable  
authentication technologies and the OGSA standards process.

I will be in touch with our new area directors to complete  
development of the proposed OGSA-AuthN charter in official form.  All  
messages, public and private, on this topic including those with  
technical content as well as those with guidance and opinions on  
process are welcome.

Best wishes,
Alan

On Oct 18, 2006, at 4:48 AM, David Chadwick wrote:

> HI Alan
>
> I think your charter needs to add something along the following  
> lines so that the demarcation between Authn and Authz is made clear  
> at the outset (then there can be no turf wars in the future, heaven  
> forbid :-).
>
> The focus of this WG is authentication. The focus of the WG-Authz  
> group is authorisation. There may be some blurring of this  
> distinction in the actual technologies that are used in  
> deployments, for example, when a security token contains both a  
> public key and attributes and can therefore be used for both  
> authentication and authorisation purposes. Nevertheless, even is  
> such cases, there are clearly separate procedures needed for  
> validating a security token from an authentication perspective and  
> an authorisation perspective. This WG will consider the former  
> only, whilst the OGSA Authz WG will consider the latter only. In  
> all cases the authentication validation procedures precede the  
> authorisation validation procedures, and are a necessary precursor  
> to the latter.
>
> regards
>
> David
>
> Alan Sill wrote:
>> Discussion among participants and potential participants has   
>> indicated a desire to proceed directly to a launch of the OGSA- 
>> AuthN  working group rather than proceed through a BOF.  Most  
>> people who  would participate or be affected have up to now been  
>> involved in  related efforts and would be able to come up to speed  
>> fairly quickly  in this effort.
>> Here are the elements of a charter, or potential charter, for  
>> this  group that I have identified:
>> 1) Review existing security profiles resulting from previous  
>> efforts  of the Security area and security design group from the  
>> OGSA-WG effort
>> 	a) Compare them to existing technology and best practices in the   
>> community and check for consistency of coverage
>> 	b) Document authentication profiles that may be missing or  
>> incomplete
>> 	b) Review mature and maturing technologies likely to affect the   
>> above best practices for grid services
>> 2) Provide an AuthN development roadmap to compare with the  
>> overall  OGSA roadmap
>> 3) Spawn any subgroups and/or suggest associated research groups  
>> that  may be necessary for consistent development in this area.
>> The charter can be developed from the above skeleton, and the  
>> basics  agreed to before the first session at OGF-19 in North  
>> Carolina.
>> It is explicitly a part of the charter for this group to work in  
>> a  symmetrical manner with any OGSA-AuthZ work that may be needed  
>> for  consistency in grid services.
>> Comments welcome.
>> Alan
>> Alan Sill
>> TIGRE Senior Scientist
>> High Performance Computing Center
>> TTU
>> ====================================================================
>> :  Alan Sill, Texas Tech University  Office: Admin 233, MS 4-1167  :
>> :  e-mail: Alan.Sill at ttu.edu   ph. 806-742-4350  fax 806-742-4358  :
>> ====================================================================
>> --
>>   caops-wg mailing list
>>   caops-wg at ogf.org
>>   http://www.ogf.org/mailman/listinfo/caops-wg
>
> -- 
>
> *****************************************************************
> David W. Chadwick, BSc PhD
> Professor of Information Systems Security
> The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
> Skype Name: davidwchadwick
> Tel: +44 1227 82 3221
> Fax +44 1227 762 811
> Mobile: +44 77 96 44 7184
> Email: D.W.Chadwick at kent.ac.uk
> Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
> Research Web site: http://sec.cs.kent.ac.uk
> Entrust key validation string: MLJ9-DU5T-HV8J
> PGP Key ID is 0xBC238DE5
>
> *****************************************************************
>

Alan Sill
TIGRE Senior Scientist
High Performance Computing Center
TTU

====================================================================
:  Alan Sill, Texas Tech University  Office: Admin 233, MS 4-1167  :
:  e-mail: Alan.Sill at ttu.edu   ph. 806-742-4350  fax 806-742-4358  :
====================================================================

More information about the ogsa-wg mailing list