[ogsa-wg] Updated Express AuthN Profile docs
Hiro Kishimoto
hiro.kishimoto at jp.fujitsu.com
Tue Jul 3 20:13:19 CDT 2007
Hi Chris and Bill,
Thank you very much for your notes.
Based on the discussion we had on the July 2 call, Andrew is now collecting
*real* Kerberos use cases. We would very much appreciate it if you could
give us some.
Draft minutes from July 2nd.
> - A question for the group: Would it be a good idea to also profile a Kerberos
> message-level binding assertion policy within the OGSA-SPSecureSoapMessaging
> profile? The document currently profiles X.509 and
> Username Token binding policies, primarily because of their widespread use /
> ease-of-adoption. Thoughts?
> o Technically reasonable – potential warning of complications when trying
> to merge capabilities (scope creep). However suggest that if your service
> requires Kerberos, then the profile would state how a Kerberos message
> would be handled.
> o Consensus: After a SAML discussion, agreed to leave SAML out of
> express AuthN for now
> - Use-case discussion
> o Use-Case discussions regarding interactions between different Grid
> systems, having gone through X.509 adoption….might have been happy to
> just use Kerberos. Depends on domain, as cross-domains can be difficult,
> in which case X.509 might be better – would like to hear from Enterprise
> Grids. Which portions of system? Integration is important (flexibility).
> - Andrew proposes: Proceed along current course while reaching out to
> communities to determine Kerberos usage and need for inclusion or separate
> document.
> o Consensus: Sounds reasonable. (6:33pm).
https://forge.gridforum.org/sf/go/doc14654
Thanks again,
----
Hiro Kishimoto
-------- Original Message --------
Subject: Re:[ogsa-wg] Updated Express AuthN Profile docs
From: <bill at computer.org>
To: 'ogsa-wg' <ogsa-wg at ogf.org>
Date: 2007/07/04 2:00
> Hi,
>
> I agree -- the real use case for us involves forwarding tokens too.
>
> Best regards,
>
> - bill
>
> -----Original Message-----
> From: ogsa-wg-bounces at ogf.org [mailto:ogsa-wg-bounces at ogf.org] On Behalf Of
> Christopher Smith
> Sent: Tuesday, July 03, 2007 8:58 AM
> To: Blair Dillaway; Duane Merrill; ogsa-wg
> Subject: Re: [ogsa-wg] Updated Express AuthN Profile docs
>
> I, for one, am interested in a profile like this. The Kerberos Token Profile
> seems fine for the authentication step, but one of our main use cases is the
> forwarding of Kerberos tokens for subsequent use in the environment of jobs
> and the like, and I don't think the Kerberos Token Profile covers this at
> all.
>
> -- Chris
>
>
> On 02/7/07 14:51, "Blair Dillaway" <blaird at microsoft.com> wrote:
>
>> Duane Merrill wrote:
>>> A question for the group: Would it be a good idea to also profile a
>>> Kerberos message-level binding assertion policy within the
>> It might be a good idea and provide value to the community. Before we decide,
>> I think we need to get a better sense of how important a new Kerberos
>> interoperability profile is from the people who deploy and/or provide
>> solutions for organizational grids where Kerberos is already present. If
>> you're in one of these categories, your input would be appreciated.
>>
>> Are there specific grid scenarios where supporting a Kerberos message
>> authentication option is critical?
>> Do you feel the existing OASIS "Web Services Security Kerberos Token Profile
>> v1.1" specification is an adequate basis for grid web services interoperability?
>>
>> Regards,
>> Blair Dillaway
>>
>> --
>> ogsa-wg mailing list
>> ogsa-wg at ogf.org
>> http://www.ogf.org/mailman/listinfo/ogsa-wg