[ogsa-wg] [OGSA-AUTHZ] Minutes of OGSA-WG + OGSA-AuthZ Joint telephone call 8 Mar 2007

David Chadwick d.w.chadwick at kent.ac.uk
Thu Mar 8 16:27:04 CST 2007


Hi Alan

Thanks for your comprehensive minutes. There is just one clarification I 
would like to make, as below.

Alan Sill wrote:

>  David C. pointed out that this discussion,
> while true, is at a different level than the current activities of  
> the OGSA-AuthZ group, which focuses on protocols for transmission of  
> authorization-related information, rather than particular specific  
> schema or attributes.  (This was an important principle in getting  
> AuthZ activities going forward in a useful way toward standardization  
> of the _syntax_ of attributes.)  He held out the example of LDAP,  
> which went through a similar evolution.
> 

Actually I thought I said that the LDAP/X.500 community tried to get 
international agreement on standard attributes (syntax and semantics), 
but in the end it failed for all but a small subset of attributes (such 
as telephone number) as most organisations either defined their own 
attributes entirely, or used the syntax of existing attribute 
definitions but bent the semantics to fit those of their own 
organisation. Thus the ability to standardise all attributes and 
transfer a complete set of user attributes between systems in a 
meaningful way never materialised (ignoring the privacy issues). My gut 
feeling is that the same thing will happen for authorisation attributes. 
The granularity and semantics of attributes used in one organisation 
will be too finely grained for transfer between organisations, and so 
systems will implement either attribute mappings at gateways or 
reissuing of new attributes in each VO that you participate in.

regards

David


*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick at kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5

*****************************************************************

