[ogsa-wg] [update] OGSA Security Profile 1.0 - Secure Channel

Hiro Kishimoto hiro.kishimoto at jp.fujitsu.com
Tue Jan 16 08:04:54 CST 2007


Thanks Marty for your comments.

 > The text that is new in Section 3 has the same problem that Von Welch
 > (correctly) identified with the previous version:
 >
 >  The document references the "Basic-Security-Profile"
 >  in section 3.2.1. I was confused at first as to whether this
 >  was the OGSA BSP or the WS-I BSP. I suggest this usage include
 >  the full title of the document being referenced.

Yes, there were some editorial typos in version 24.

Actually, we defined the terms "the Profile" and "Basic-Security-Profile"
in section 1 (page 1, line 65) and section 1.3 (page 4, line 129).
Section 3.2.1 refers to the latter adequately, but section 3 on page 5
does not refer to this defined special term (thus I've fixed these in the
new version).

 > Instead of writing "Basic Security Profile 1.0", can't you write "WS-I Basic
 > Security Profile 1.0"? And instead of "Profile", can't you write "OGSA
 > Security Profile 1.0 - Secure Channel"? (If indeed this is what you mean).
 > And please change it in ALL places in the text, not just this single line.

Given that we have the above defined terms, we use the terms
"Basic-Security-Profile" and "the Profile" consistently throughout this
specification. I believe I've fixed these problems in version 25.

 > More broadly, I'm not sure what makes THIS one (the "secure channel") *NOT*
 > a "BASIC Profile", while "core" is a "BASIC" profile. They're both optional
 > to OGSA services, so arguably "BASIC" should be removed from the title of
 > "core" as well. Stated differently, I question the logic of referring to
 > something that addresses the fringe concept of "key information binding to
 > an endpoint reference" as "BASIC" and referring to something that
 > essentially just talks about TLS/SSL as apparently *NOT* "BASIC".

Secure channel covers transport level security only and does not cover
message level security (as explained on page 3, lines 101-104). On the
other hand, Core profile "Key Information Binding to Endpoint Reference"
covers both TLS and MLS. This is the reason we think only "core profile"
should be the OGSA basic security profile.

I've uploaded the revised version (v25) of the secure channel profile to
GridForge. I want to submit this version to the OGF editor before OGF19.
- https://forge.gridforum.org/sf/go/doc13560

Again, thank you very much. Your feedback is very helpful.
If you have any further comments, please let us know.
----
Hiro Kishimoto

Marty Humphrey wrote:
> The text that is new in Section 3 has the same problem that Von Welch
> (correctly) identified with the previous version:
> 
>  The document references the "Basic-Security-Profile"
>  in section 3.2.1. I was confused at first as to whether this
>  was the OGSA BSP or the WS-I BSP. I suggest this usage include
>  the full title of the document being referenced.
> 
> Here's one example of the text that needs to be clarified:
> 
> " Note that while section 4.2 of the Basic Security Profile 1.0 mandates,
> recommends, and discourages support for certain ciphersuites, the Basic
> Security Profile 1.0 does not prohibit use of any specific ciphersuite.
> While section 3.3, 3.4 and 3.5 of the Profile prohibits certain
> ciphersuites, the Profile does not prohibit use of any specific ciphersuite
> other than those."
> 
> Instead of writing "Basic Security Profile 1.0", can't you write "WS-I Basic
> Security Profile 1.0"? And instead of "Profile", can't you write "OGSA
> Security Profile 1.0 - Secure Channel"? (If indeed this is what you mean).
> And please change it in ALL places in the text, not just this single line.
> 
> More broadly, I'm not sure what makes THIS one (the "secure channel") *NOT*
> a "BASIC Profile", while "core" is a "BASIC" profile. They're both optional
> to OGSA services, so arguably "BASIC" should be removed from the title of
> "core" as well. Stated differently, I question the logic of referring to
> something that addresses the fringe concept of "key information binding to
> an endpoint reference" as "BASIC" and referring to something that
> essentially just talks about TLS/SSL as apparently *NOT* "BASIC". 
> 
> -- Marty
> 
> 
> -----Original Message-----
> From: ogsa-wg-bounces at ogf.org [mailto:ogsa-wg-bounces at ogf.org] On Behalf Of
> Takuya Mori
> Sent: Tuesday, December 05, 2006 6:07 AM
> To: ogsa-wg at ogf.org
> Subject: [ogsa-wg] [update] OGSA Security Profile 1.0 - Secure Channel
> 
> Dear All,
> 
> I have updated the SP - SC document as we discussed in the Nov 27
> conference call, and I think it's ready for FINAL CALL.
> 
> Please have a look through the document.  
> Any comments are welcomed.
> 
> The updated version of the profile is available on GridForge.
> OGSA Security Profile 1.0 - Secure Channel:
> https://forge.gridforum.org/sf/docman/do/downloadDocument/projects.ogsa-wg/docman.root.working_drafts.security_profile_1_0/doc13560/23
> 
> Changes:
> - accepted all the change trackers
> - updated the acknowledgement section
> - updated the extensibility points since those of the extended 
>   profile had been updated
> - added a sentence on the extensibility points E009 and E011
> - updated Table 6
> - a number of changes, mainly grammatical errors
> 
> Best regards,
> Takuya
> 
> ----
>     Takuya Mori
>     moritaku at bx.jp.nec.com / tk-mori at isd.nec.co.jp
>     System Platform Software Development Division
>     NEC Corporation, Tokyo Japan
> --
>   ogsa-wg mailing list
>   ogsa-wg at ogf.org
>   http://www.ogf.org/mailman/listinfo/ogsa-wg
> 
