[ogsa-wg] OGSA-AuthN-WG charter effort: the Seven Questions
Alan Sill
Alan.Sill at ttu.edu
Thu Oct 26 09:24:27 CDT 2006
On Oct 23, 2006, at 9:29 PM, Hiro Kishimoto wrote:
> The Seven Questions
>
> 1. Is the scope of the proposed group sufficiently focused?
The scope of the proposed group is strictly limited to authentication
technologies for use within grid services architectures. As such, I
believe it is sufficiently focused, although the relation to
corresponding activities in authorization and in the activities of
other work groups is important and clear.
> 2. Are the topics that the group plans to address clear and relevant for
> the Grid research, development, industrial, implementation, and/or
> application user community?
Authentication is a key security step in any chain of grid services
usage. Up to now, most grid applications have either used no
security (for testing purposes), a limited and often self-signed
configuration again mostly for testing purposes, or have had to rely
on pure deployment of X.509 technology infrastructures. Some
extensive community practice has grown up in the academic community,
especially with regard to deployment at and between the large-scale
national laboratories and universities on an international basis, and
siloed implementations exist within industry, as well as some federal
non-laboratory organizations. It is a goal of this work group to
document current practice and to extend the standards basis for
development of AuthN technologies within all of the above
communities. Another significant output will be recommendations for
future work in this area, taking into account all relevant
technological development in this area. Interoperability will also
be an important factor, of course.
> 3. Will the formation of the group foster (consensus-based) work that
> would not be done otherwise?
Yes. Several conversations on related technologies have sprung up
naturally within segments of the affected communities, as described
above. The existence of an OGSA AuthN work group would allow
concentration and coordination of these conversations and
recommendations in a context that is explicitly connected to the
overall OGSA standards effort.
> 4. Do the group’s activities overlap inappropriately with those of
> another OGF group or to a group active in another organization such as
> IETF or W3C? Has the relationship, if any, to the Open Grid Services
> Architecture (OGSA) been determined?
There is no other effort exclusively devoted to this task within
OGSA. Polling of the membership of other groups active in the
authentication and authorization areas has resulted in strong support
for the idea of a specific OGSA effort. Groups that have been
polled include the following:

CA-Ops: Within the current OGF structure, this group is defined as an
operations group responsible for Certificate Authority standards and
participation. It is the parent body (in a historical sense) of the
IGTF described below.

International Grid Trust Federation (IGTF): an independent body
comprised of three regional policy management authorities (PMAs) with
membership consisting of grid certificate authority providers and (in
some cases) relying parties with an interest in the operational
policies and procedures of the CA providers. The primary mechanism
of operation of the IGTF is through the development and common
accreditation of CAs against specific, detailed CP/CPS statements
within the context of Authentication Profiles (APs); APs exist for
"classic PKI" deployments as well as short-lived credential and
experimental services. Within the context of the IGTF PMA charters,
interest has been growing in improving the variety and accessibility
of grid authentication methods while retaining the ability to work
with existing grid deployments with high security.

OGSA-AuthZ: This group is focused on authorization technologies. A
variety of useful documents has been successfully produced through
various incarnations of this group to date. Its membership is
supportive of a corresponding OGSA-AuthN effort.

Shibboleth for Grids BoF: This BoF was held at GGF-18 and its
activities are documented at the URL
http://grid.ncsa.uiuc.edu/events/ggf18-shib-bof/ for reference.
Although focused primarily on
authorization, Shibboleth technologies are consumers of
authentication information and a great deal of activity is being
devoted to understanding the interaction between Shibboleth and the
needs of grids. The participants in the BoF mailing list are
strongly supportive of an OGSA-AuthN effort.

> 5. Are there sufficient interest and expertise in the group’s topic,
> with at least several people willing to expend the effort that is likely
> to produce significant results over time?
Yes. A significant short-term effort should be exerted to identify
authors of the proposed documents and a co-chair in the near future.
> 6. Does a base of interested consumers (e.g., application developers,
> Grid system implementers, industry partners, end-users) appear to exist
> for the planned work?
Yes. The BoF planned for the next OGF meeting should provide
opportunities for organization of work in this area.
> 7. Does the OGF have a reasonable role to play in the determination of
> the technology?
Yes, as described above. One specific output of the group that would
be made possible by the OGF will be production of an OGF document
with recommended standards for OGSA-AuthN.
Respectfully submitted,
Alan Sill
TIGRE Senior Scientist
High Performance Computing Center
TTU
====================================================================
: Alan Sill, Texas Tech University Office: Admin 233, MS 4-1167 :
: e-mail: Alan.Sill at ttu.edu ph. 806-742-4350 fax 806-742-4358 :
====================================================================