[Pgi-wg] OGF PGI - Security - Interoperability in progress between EGEE and OSG (using COPS)

Steven Newhouse Steven.Newhouse at cern.ch
Fri Apr 3 08:47:40 CDT 2009


It is my understanding that this work addresses a very different use case than we have been discussing within PGI. It's a deployment that is encapsulated within the service infrastructure (generally within a single site) to support authorization decisions. Not the user/role driven authentication tokens that we have been discussing within PGI - our primary use case.

Steven

Dr Steven Newhouse
EGEE Technical Director
http://cern.ch/Steven.Newhouse


> -----Original Message-----
> From: pgi-wg-bounces at ogf.org [mailto:pgi-wg-bounces at ogf.org] On Behalf
> Of Etienne URBAH
> Sent: 03 April 2009 15:38
> To: pgi-wg at ogf.org
> Cc: edges-na3 at mail.edges-grid.eu; lodygens at lal.in2p3.fr
> Subject: [Pgi-wg] OGF PGI - Security - Interoperability in progress
> between EGEE and OSG (using COPS)
> 
> To All,
> 
> 
> My previous mail today shows that the security work of PGI is now
> stuck in an irreconcilable incompatibility between:
> -  RFC-3820-compliant X509 certificates and proxies on one part,
> -  GSI-style X509 proxies (which can be delegated) on the other part.
> 
> 
> But there is some hope: At the last MWSG meeting in Zürich, David
> GROEP gave a presentation 'AuthZ Interop report' available at
> http://indico.cern.ch/materialDisplay.py?contribId=22&sessionId=3&materialId=slides&confId=52862
> 
> This presentation describes current work in good progress begun in 2007
> on security interoperability between OSG and EGEE, with the help of
> Globus and Condor teams.
> 
> This work uses the Common Open Policy Service (COPS) model defined in
> RFC 2748 at http://tools.ietf.org/html/rfc2748
> 
> COPS defines at least the following 2 concepts:
> -  PDP = Policy Decision Point
> -  PEP = Policy Enforcement Point
> 
> Interoperability is achieved through an AuthZ Interop Profile, based on
> the SAML v2 profile of XACML v2.
> 
> There are production deployments in OSG and EGEE.
> 
> 
> So I suggest that, before reinventing the wheel, we study in detail the
> above mentioned document, in order to quickly know:
> -  The problems which they are encountering,
> -  The solutions which they are finding,
> -  The interoperable components which they are deploying and which we
> could reuse,
> -  ...
> 
> 
> Best regards.
> 
> ----------------------------------
> Etienne URBAH          IN2P3 - LAL
> Bat 200     91898 ORSAY     France
> Tel: +33 1 64 46 84 87
> Mob: +33 6 22 30 53 27
> Skype: etienne.urbah
> mailto:urbah at lal.in2p3.fr
> ----------------------------------


