[ogsa-wg] [ogsa-authn-bof] Notes from Joint OGSA WG AuthN/AuthZ call

[Blair Dillaway]

I appreciate Donal and David sharing their views on the current AuthZ work. Let me just say up front that I believe the approach of  profiling other standards to address unique grid community needs is the right one. One can also identify grid needs that aren't being addressed in other standards groups. I would like to believe we're struggling with an issue of perceived importance, not approach.

Questions I've been thinking about, and my take on the situation:
- Why has participation dropped off despite historic interest?
A couple of people have indicated their work commitments caused them to pull back. It also appears some people are prioritizing other standards work ahead of this effort.
- Who are the key customers/implementers for these standards and why aren't they participating?
As Frank noted the other day, other Globus security work has been prioritized ahead of standards. My own employer doesn't see these profiles as a current priority, which impacts my ability to engage in the WG. I suspect other potential implementers have similar views. The lack of response to David's request for requirements does make one question the demand from grid deployers.

I previously mentioned the 'not a priority' reactions I got from some security folks not currently engaged in the OGF.

So, it certainly seems like an uphill battle in convincing people this work is critical to undertake now. Putting together convincing arguments on the benefits, and socializing them with the grid community, would be a lot of work. I'm not even certain the WG could effectively engage on this given the current level of participation.

Am I off-base on my perception of the situation? Are there other actions we should be considering?

Regards,
Blair Dillaway