[Pgi-wg] OGF PGI - Security - Interoperability in progress between EGEE and OSG (using COPS)
Etienne URBAH
urbah at lal.in2p3.fr
Fri Apr 3 08:38:28 CDT 2009
To All,
My previous mail today shows that the security work of PGI is now
stuck in an irreconcilable incompatibility between:
- RFC-3820-compliant X509 certificates and proxies on the one hand,
- GSI-style X509 proxies (which can be delegated) on the other hand.
But there is some hope: at the last MWSG meeting in Zürich, David
GROEP gave a presentation, 'AuthZ Interop report', available at
http://indico.cern.ch/materialDisplay.py?contribId=22&sessionId=3&materialId=slides&confId=52862
This presentation describes current work, begun in 2007 and in good
progress, on security interoperability between OSG and EGEE, with the
help of the Globus and Condor teams.
This work uses the Common Open Policy Service (COPS) model defined in
RFC 2748 at http://tools.ietf.org/html/rfc2748
COPS defines at least the following 2 concepts:
- PDP = Policy Decision Point
- PEP = Policy Enforcement Point
Interoperability is achieved through an AuthZ Interop Profile, based on
the SAML v2 profile of XACML v2.
There are production deployments in OSG and EGEE.
So I suggest that, before reinventing the wheel, we study in detail the
above-mentioned document, in order to quickly know:
- The problems which they are encountering,
- The solutions which they are finding,
- The interoperable components which they are deploying and which we
could reuse,
- ...
Best regards.
----------------------------------
Etienne URBAH IN2P3 - LAL
Bat 200 91898 ORSAY France
Tel: +33 1 64 46 84 87
Mob: +33 6 22 30 53 27
Skype: etienne.urbah
mailto:urbah at lal.in2p3.fr
----------------------------------