[ogsa-wg] Notes from OGSA EAP call 06/18
Duane Merrill
dgm4d at virginia.edu
Mon Jul 2 15:47:30 CDT 2007
Attendees:
Mark Morgan (UVa)
Duane Merrill (UVa)
Blair Dillaway (Microsoft)
Steven Newhouse (Microsoft)
David Chadwick (Kent U)
Chris Kantarjiev (Oracle)
Hiro Kishimoto (Fujitsu)
ZackK
Agenda Items:
- Present the transition of these documents to target the
WS-SecurityPolicy grammar (Duane Merrill)
- Address any relevant trackers (Duane Merrill)
Duane gave an overview of the transition from a Liberty-like security
policy assertion mechanism for EPRs to a WS-SecurityPolicy based
scheme. Ran through an example contained in all three profile documents
that addresses components from each (Addressing, Transport, SOAP messaging).
Discussion on whether or not to consolidate profile documents into one
document. Pros: less "pointer chasing" to read. Cons: what to do about
partial compliance, how to effect partial derivation for
as-yet-to-be-created subprofiles, monolithic document paradigm inviting
more policy-related complexity (such as AuthZ requirements). General
consensus is to keep orthogonal ERP security profiling separate,
lightweight.
Discussion (spurred by comments from Frank, David, I believe) about
adding/profiling mechanism for expressing AuthZ policy requirements
(beyond simple credential/token-type statements), such as "You must be
able to present a SAML token asserting your membership in group XYZ".
While useful, consensus was that this type of profiling for EPR authZ
policy should go into a separate profile for which separate conformance
claims can be made.
Because the documents were published earlier that afternoon, Duane
recommended to the group that everyone review them and followup with
discussion on the OGSAWG mailing list.
____________________
Duane Merrill
dgm4d at cs.virginia.edu
Computer Science Department
University of Virginia
More information about the ogsa-wg
mailing list