[ogsa-wg] [Invitation] Security profile public comment review @ 2008-04-21 18:00 – 19:00 ()
Duane Merrill III
dgm4d at virginia.edu
Mon Apr 21 09:54:07 CDT 2008
All,
I have updated the two profile documents to address the public comments as per our discussion during our last session. The latest revisions are Secure Addressing (https://forge.gridforum.org/sf/go/doc14938?nav=1) and Secure Communication (https://forge.gridforum.org/sf/go/doc14937?nav=1).
Secure Addressing version comments:
a.. Minor edits to introduction
b.. The Profile now mandates digital signature of EPRs bearing security policy
c.. Minor edits to conformance targets to reflect WS-SecurityPolicy's notion of endpoint and operation policy subjects
d.. Added minor security discussion recommending temporal and path validation of signing tokens
e.. Other minor, non-normative edits
Secure Communication version comments:
a.. Minor edits to introduction
b.. Incorporated WS-SecurityPolicy's notion of endpoint and operation policy subjects into conformance targets and well-known polcy documents
c.. Removed FIPS conformance-related requirement
d.. Added large security discussion regarding the security concerns related to binding key information within policy documents: specifically matters of trustworthiness, integrity, and validity
e.. Added confidentiality requirement for using username-token
f.. Added security discussion for password-digest regarding replay to other services
g.. Added profiling of including a <wsu:Timestamp> element within policy documents to facilitate policy versioning
h.. Added timestamp requirement for message-level Mutual X.509 binding
i.. Fixed incorrect policy specification within message-level Mutual X.509 binding: improper use of alternatives for the type of X.509 token specified as the recipient token. (Now enclosed recipient tokens are X.509 PKIPath chains of one or more certificates)
j.. Other minor non-normative edits
Cheers,
Duane
----- Original Message -----
From: Hiro Kishimoto
To: ogsa-wg at ogf.org
Sent: Monday, April 21, 2008 5:08 AM
Subject: [ogsa-wg] [Invitation] Security profile public comment review @ 2008-04-21 18:00 – 19:00 ()
ogsa-wg at ogf.org, you are invited to
Security profile public comment review
2008-04-21 18:00 – 19:00
(Timezone: Central Time)
Calendar:
When: 7-8pm EDT, 6-7pm CDT, 4-5pm PDT, 8-9am JST, midnight-1am UK
Dial-in numbers:
US: +1 718 3541071 (New York) or
+1 408 9616509 (San Jose)
UK: +44 (0)207 3655269 (London)
Germany: +49 (0)69 50070802 (Frankfurt)
Switzerland: +41 (0)1 8009574 (Zurich)
Japan: +81 (0)3 3570 8225 (Tokyo)
PIN: 4371991
See more information:
- https://forge.gridforum.org/sf/go/wiki1477
Screen share service:
URL:
http://ogsa.glance.net/
Usage: https://forge.gridforum.org/sf/go/wiki1584
Note: ** OGF IPR POLICY APPLIES **
http://www.ogf.org/About/abt_policies.php
1) Early discussion
Note taker assignment
- https://forge.gridforum.org/sf/go/wiki1848
Roll call
Agenda bashing
2) Minutes approval and AI review
Minutes for approval
April 7 call: https://forge.ogf.org/sf/go/doc15175
Action Item review
http://forge.ogf.org/short/ogsa-wg/ailist
3) Security Profile Public Comments Review (Duane)
Secure Addressing Profile 1.0
https://forge.gridforum.org/sf/discussion/do/listTopics/projects.ggf-editor/discussion.rec_secure_addressing_profile_1
Secure Communication Profile 1.0
https://forge.gridforum.org/sf/discussion/do/listTopics/projects.ggf-editor/discussion.rec_secure_communication_profile
4) AoB
More event details»
Will you attend?
Yes |No |Maybe
You are receiving this courtesy email at the account ogsa-wg at ogf.org because you are an attendee of this event.
To stop receiving future notifications for this event, decline this event. Alternatively you can sign up for a Google account at http://www.google.com/calendar/ and control your notification settings for your entire calendar.
------------------------------------------------------------------------------
--
ogsa-wg mailing list
ogsa-wg at ogf.org
http://www.ogf.org/mailman/listinfo/ogsa-wg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.ogf.org/pipermail/ogsa-wg/attachments/20080421/20457296/attachment-0001.html
More information about the ogsa-wg
mailing list