[ogsa-wg] [ogsa-authn-bof] Notes from Joint OGSA WG AuthN/AuthZ call

Alan Sill Alan.Sill at ttu.edu
Thu Jun 21 15:57:19 CDT 2007 

On Jun 21, 2007, at 1:40 PM, Blair Dillaway wrote:

> Excellent notes Alan.

On Jun 21, 2007, at 11:21 AM, David Chadwick wrote:

> this is a very good set of minutes

Thanks.  It was a broad-ranging discussion so credit goes to Andrew,  
David, Frank, Mark, Stephen and Hiro for pulling it together and  
contributing to it.

> The question to ask here is whether grids should move toward
> relying on web services as the basis for interoperability? There is
> certainly a strong push in this direction, which I support. Web
> services are based on the use of SOAP messaging. WS-Security's
> official name is "Web Services Security: SOAP Message Security".
> Hence, the focus on SOAP messaging. If one wishes to use other
> protocols, such as RPC, there are other security standards
> which are appropriate.

I understand and agree completely, and my own grid effort (TIGRE) is  
based on web services-based implementations of grid services only.

I simply point out that it it technically possible to take the same  
WSDL and XML and (in some cases automatically) generate code that can  
implement the same grid services through other mechanisms.  Stating  
the standards basis for security more generally than SOAP might allow  
other implementations of grid services that do not rely on SOAP  
messaging but are otherwise perfectly usable by a give community,  
that's all.  I admit that there is not at present a large community  
clamoring for such a generalization, although it is technically  
achievable.  I also completely agree on the push to web services for  
grid service delivery.  There are plenty of technical issues to  
settle even within the scope of current implementations.

> While there are certainly interesting AuthN topics to
> discuss which go beyond the identified 'express' work, I am very
> concerned about having two AuthN groups working in parallel. It
> has been difficult to achieve critical mass on OGF security
> standard's work and I fear we'll end-up with inadequate
> engagement on both efforts. I suggest we look seriously
> at combining these efforts. Is there a scope/sequencing of work
> which makes sense where the 'express' profiles are the first
> set of deliverables for a more broadly chartered group?
> I don't personally care if such a group is officially part
> of OGSA or the Security area.
>
> I raised this issue at OGF20, but haven't heard from anyone
> regarding their opinion on having one versus two efforts.

The efforts are already essentially combined.  We pulled back on  
pushing the OGSA-AuthN work forward in order to be able to complete  
work on the current document series.  My sense is that this work is  
now reaching a mature state and that the charter work can go forward  
on defining the AuthN body of work.  The HPC-profile work done and  
now going on can be regarded as the first set of output from this  
combined effort.

Re. AuthZ, my suggestion (as a member and not a leader of that group)  
would be to button up the current set of documents as mentioned,  
which essentaially summarize the current situation for posterity and  
point to the other OASIS, XACML and WS-Trust work, put out that set  
of documents (which have been circulated and lack only formalized  
status for reference by the community), and ask David to look at the  
express profile work as we asked in the meeting.

There is important AuthZ work to do in the future, but it is not  
clear to me that this needs more of an OGSA basis than the work  
above, and my preference would be to go on to the OGSA work for  
standards as to what needs to go out over the wire to support AuthN.   
Much of the remaining work on AuthZ can be handled by the individual  
AuthZ communities.

Alan

Alan Sill, Ph.D
TIGRE Senior Scientist, High Performance Computing Center
Adjunct Professor of Physics
TTU

====================================================================
:  Alan Sill, Texas Tech University  Office: Admin 233, MS 4-1167  :
:  e-mail: Alan.Sill at ttu.edu   ph. 806-742-4350  fax 806-742-4358  :
====================================================================

More information about the ogsa-wg mailing list