[ogsa-wg] [ogsa-authn-bof] Notes from Joint OGSA WG AuthN/AuthZ call
Alan Sill
Alan.Sill at ttu.edu
Thu Jun 21 15:57:19 CDT 2007
On Jun 21, 2007, at 1:40 PM, Blair Dillaway wrote:
> Excellent notes Alan.
On Jun 21, 2007, at 11:21 AM, David Chadwick wrote:
> this is a very good set of minutes
Thanks. It was a broad-ranging discussion so credit goes to Andrew,
David, Frank, Mark, Stephen and Hiro for pulling it together and
contributing to it.
> The question to ask here is whether grids should move toward
> relying on web services as the basis for interoperability? There is
> certainly a strong push in this direction, which I support. Web
> services are based on the use of SOAP messaging. WS-Security's
> official name is "Web Services Security: SOAP Message Security".
> Hence, the focus on SOAP messaging. If one wishes to use other
> protocols, such as RPC, there are other security standards
> which are appropriate.
I understand and agree completely, and my own grid effort (TIGRE) is
based on web services-based implementations of grid services only.
I simply point out that it is technically possible to take the same
WSDL and XML and (in some cases automatically) generate code that can
implement the same grid services through other mechanisms. Stating
the standards basis for security more generally than SOAP might allow
other implementations of grid services that do not rely on SOAP
messaging but are otherwise perfectly usable by a given community,
that's all. I admit that there is not at present a large community
clamoring for such a generalization, although it is technically
achievable. I also completely agree on the push to web services for
grid service delivery. There are plenty of technical issues to
settle even within the scope of current implementations.
> While there are certainly interesting AuthN topics to
> discuss which go beyond the identified 'express' work, I am very
> concerned about having two AuthN groups working in parallel. It
> has been difficult to achieve critical mass on OGF security
> standards work and I fear we'll end up with inadequate
> engagement on both efforts. I suggest we look seriously
> at combining these efforts. Is there a scope/sequencing of work
> which makes sense where the 'express' profiles are the first
> set of deliverables for a more broadly chartered group?
> I don't personally care if such a group is officially part
> of OGSA or the Security area.
>
> I raised this issue at OGF20, but haven't heard from anyone
> regarding their opinion on having one versus two efforts.
The efforts are already essentially combined. We pulled back on
pushing the OGSA-AuthN work forward in order to be able to complete
work on the current document series. My sense is that this work is
now reaching a mature state and that the charter work can go forward
on defining the AuthN body of work. The HPC-profile work done and
now going on can be regarded as the first set of output from this
combined effort.
Re. AuthZ, my suggestion (as a member and not a leader of that group)
would be to button up the current set of documents as mentioned,
which essentially summarize the current situation for posterity and
point to the other OASIS, XACML and WS-Trust work, put out that set
of documents (which have been circulated and lack only formalized
status for reference by the community), and ask David to look at the
express profile work as we asked in the meeting.
There is important AuthZ work to do in the future, but it is not
clear to me that this needs more of an OGSA basis than the work
above, and my preference would be to go on to the OGSA work for
standards as to what needs to go out over the wire to support AuthN.
Much of the remaining work on AuthZ can be handled by the individual
AuthZ communities.
Alan
Alan Sill, Ph.D
TIGRE Senior Scientist, High Performance Computing Center
Adjunct Professor of Physics
TTU
====================================================================
: Alan Sill, Texas Tech University Office: Admin 233, MS 4-1167 :
: e-mail: Alan.Sill at ttu.edu ph. 806-742-4350 fax 806-742-4358 :
====================================================================