[ogsa-wg] [Invitation] Security profile public comment review @ 2008-04-21 18:00 – 19:00 ()

Duane Merrill III dgm4d at virginia.edu
Mon Apr 21 09:54:07 CDT 2008 

All,

I have updated the two profile documents to address the public comments as per our discussion during our last session.  The latest revisions are Secure Addressing (https://forge.gridforum.org/sf/go/doc14938?nav=1) and Secure Communication (https://forge.gridforum.org/sf/go/doc14937?nav=1).

Secure Addressing version comments:
  a.. Minor edits to introduction
  b.. The Profile now mandates digital signature of EPRs bearing security policy
  c.. Minor edits to conformance targets to reflect WS-SecurityPolicy's notion of endpoint and operation policy subjects
  d.. Added minor security discussion recommending temporal and path validation of signing tokens 
  e.. Other minor, non-normative edits

Secure Communication version comments:
  a.. Minor edits to introduction
  b.. Incorporated WS-SecurityPolicy's notion of endpoint and operation policy subjects into conformance targets and well-known polcy documents 
  c.. Removed FIPS conformance-related requirement 
  d.. Added large security discussion regarding the security concerns related to binding key information within policy documents: specifically matters of trustworthiness, integrity, and validity 
  e.. Added confidentiality requirement for using username-token 
  f.. Added security discussion for password-digest regarding replay to other services 
  g.. Added profiling of including a <wsu:Timestamp> element within policy documents to facilitate policy versioning 
  h.. Added timestamp requirement for message-level Mutual X.509 binding 
  i.. Fixed incorrect policy specification within message-level Mutual X.509 binding: improper use of alternatives for the type of X.509 token specified as the recipient token. (Now enclosed recipient tokens are X.509 PKIPath chains of one or more certificates) 
  j.. Other minor non-normative edits
Cheers, 

Duane


 
  ----- Original Message ----- 
  From: Hiro Kishimoto 
  To: ogsa-wg at ogf.org 
  Sent: Monday, April 21, 2008 5:08 AM
  Subject: [ogsa-wg] [Invitation] Security profile public comment review @ 2008-04-21 18:00 – 19:00 ()



  ogsa-wg at ogf.org, you are invited to

  Security profile public comment review
  2008-04-21 18:00 – 19:00 
  (Timezone: Central Time) 

  Calendar: 

  When: 7-8pm EDT, 6-7pm CDT, 4-5pm PDT, 8-9am JST, midnight-1am UK

  Dial-in numbers:
  US: +1 718 3541071 (New York) or
  +1 408 9616509 (San Jose)
  UK: +44 (0)207 3655269 (London)
  Germany: +49 (0)69 50070802 (Frankfurt) 
  Switzerland: +41 (0)1 8009574 (Zurich)
  Japan: +81 (0)3 3570 8225 (Tokyo)
  PIN: 4371991
  See more information:
  - https://forge.gridforum.org/sf/go/wiki1477

  Screen share service:
  URL: 

  http://ogsa.glance.net/

  Usage: https://forge.gridforum.org/sf/go/wiki1584

  Note: ** OGF IPR POLICY APPLIES **


  http://www.ogf.org/About/abt_policies.php

  1) Early discussion
  Note taker assignment
  - https://forge.gridforum.org/sf/go/wiki1848

  Roll call
  Agenda bashing

  2) Minutes approval and AI review 

  Minutes for approval
  April 7 call: https://forge.ogf.org/sf/go/doc15175

  Action Item review


  http://forge.ogf.org/short/ogsa-wg/ailist

  3) Security Profile Public Comments Review (Duane)

  Secure Addressing Profile 1.0
  https://forge.gridforum.org/sf/discussion/do/listTopics/projects.ggf-editor/discussion.rec_secure_addressing_profile_1

  Secure Communication Profile 1.0
  https://forge.gridforum.org/sf/discussion/do/listTopics/projects.ggf-editor/discussion.rec_secure_communication_profile

  4) AoB
  More event details»

  Will you attend?
  Yes |No |Maybe



  You are receiving this courtesy email at the account ogsa-wg at ogf.org because you are an attendee of this event.

  To stop receiving future notifications for this event, decline this event. Alternatively you can sign up for a Google account at http://www.google.com/calendar/ and control your notification settings for your entire calendar.



------------------------------------------------------------------------------


  --
    ogsa-wg mailing list
    ogsa-wg at ogf.org
    http://www.ogf.org/mailman/listinfo/ogsa-wg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.ogf.org/pipermail/ogsa-wg/attachments/20080421/20457296/attachment-0001.html

More information about the ogsa-wg mailing list