[Pgi-wg] OGF PGI - Security - Interoperability in progressbetween EGEE and OSG (using COPS)

Fri Apr 3 08:49:57 CDT 2009

Exactly - from my understanding its on a different level!

------------------------------------------------------------
Morris Riedel
SW - Engineer
Distributed Systems and Grid Computing Division
Jülich Supercomputing Centre (JSC)
Forschungszentrum Juelich
Wilhelm-Johnen-Str. 1
D - 52425 Juelich
Germany

Email: m.riedel at fz-juelich.de
Info: http://www.fz-juelich.de/jsc/JSCPeople/riedel
Phone: +49 2461 61 - 3651
Fax: +49 2461 61 - 6656

Skype: MorrisRiedel

"We work to better ourselves, and the rest of humanity"

Sitz der Gesellschaft: Jülich
Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498
Vorsitzende des Aufsichtsrats: MinDirig'in Bärbel Brumme-Bothe
Vorstand: Prof. Dr. Achim Bachem (Vorsitzender), 
Dr. Ulrich Krafft (stellv. Vorsitzender)

>------Original Message-----
>-From: pgi-wg-bounces at ogf.org [mailto:pgi-wg-bounces at ogf.org] On Behalf Of
>-Steven Newhouse
>-Sent: Friday, April 03, 2009 3:48 PM
>-To: Etienne Urbah; pgi-wg at ogf.org
>-Cc: edges-na3 at mail.edges-grid.eu; lodygens at lal.in2p3.fr
>-Subject: Re: [Pgi-wg] OGF PGI - Security - Interoperability in
progressbetween
>-EGEE and OSG (using COPS)
>-
>-It is my understanding that this work addresses a very different use case
than we
>-have been discussing within PGI. Its a deployment that is encapsulated
within the
>-service infrastructure (generally within a single site) to support
authorization
>-decisions. Not the user/role driven authentication tokens that we have
been
>-discussing within PGI - our primary use case.
>-
>-Steven
>-
>-Dr Steven Newhouse
>-EGEE Technical Director
>-http://cern.ch/Steven.Newhouse
>-
>-
>-> -----Original Message-----
>-> From: pgi-wg-bounces at ogf.org [mailto:pgi-wg-bounces at ogf.org] On Behalf
>-> Of Etienne URBAH
>-> Sent: 03 April 2009 15:38
>-> To: pgi-wg at ogf.org
>-> Cc: edges-na3 at mail.edges-grid.eu; lodygens at lal.in2p3.fr
>-> Subject: [Pgi-wg] OGF PGI - Security - Interoperability in progress
>-> between EGEE and OSG (using COPS)
>->
>-> To All,
>->
>->
>-> My previous today's mail shows that the security work of PGI is now
>-> stuck into irreconcilable incompatibility between :
>-> -  RFC-3820-compliant X509 certificates and proxies on one part,
>-> -  GSI-style X509 proxies (which can be delegated) on the other part.
>->
>->
>-> But there is some hope :  At the last MWSG meeting in Zürich, David
>-> GROEP has performed a presentation 'AuthZ Interop report' available at
>-> http://indico.cern.ch/materialDisplay.py?contribId=22&sessionId=3&mater
>-> ialId=slides&confId=52862
>->
>-> This presentation describes current work in good progress begun in 2007
>-> on security interoperability between OSG and EGEE, with the help of
>-> Globus and Condor teams.
>->
>-> This work uses the Common Open Policy Service (COPS) model defined in
>-> RFC 2748 at http://tools.ietf.org/html/rfc2748
>->
>-> COPS defines at least following 2 concepts :
>-> -  PDP = Policy Decision Point
>-> -  PEP = Policy Enforcement Point
>->
>-> Interoperability is achieved through an AuthZ Interop Profile, based on
>-> the SAML v2 profile of XACML v2.
>->
>-> There are production deployments in OSG and EGEE.
>->
>->
>-> So I suggest that, before reinventing the wheel, we study in detail the
>-> above mentioned document, in order to quickly know :
>-> -  The problems which they are encountering,
>-> -  The solutions which they are founding,
>-> -  The interoperable components which they are deploying and which we
>-> could reuse,
>-> -  ...
>->
>->
>-> Best regards.
>->
>-> ----------------------------------
>-> Etienne URBAH          IN2P3 - LAL
>-> Bat 200     91898 ORSAY     France
>-> Tel: +33 1 64 46 84 87
>-> Mob: +33 6 22 30 53 27
>-> Skype: etienne.urbah
>-> mailto:urbah at lal.in2p3.fr
>-> ----------------------------------
>-
>-_______________________________________________
>-Pgi-wg mailing list
>-Pgi-wg at ogf.org
>-http://www.ogf.org/mailman/listinfo/pgi-wg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3550 bytes
Desc: not available
Url : http://www.ogf.org/pipermail/pgi-wg/attachments/20090403/b1875990/attachment-0001.bin 