[Pgi-wg] Teleconference tomorrow, March 13th - Security

Andrew Grimshaw grimshaw at virginia.edu
Thu Mar 12 10:01:36 CDT 2009


All,
A minor correction, 
> -  'Conformance Targets for Simple PGI Communication' of GENESIS
Was written by us, but does not describe our implementation. It was an
attempt to create a strawman for PGI that matched what everyone was saying
in vague terms into more concrete terms.
A

-----Original Message-----
From: pgi-wg-bounces at ogf.org [mailto:pgi-wg-bounces at ogf.org] On Behalf Of
Etienne URBAH
Sent: Thursday, March 12, 2009 10:20 AM
To: Morris RIEDEL
Cc: pgi-wg at ogf.org; edges-na3 at mail.edges-grid.eu
Subject: Re: [Pgi-wg] Teleconference tomorrow, March 13th - Security

Morris,

Concerning PGI, I completely agree with you :

Even if the original use case was focused on data staging,

SECURITY is the basis for everything.


Taking as input the following presentations :

-  'PGI Reference Model' by yourself, in particular slides :
    - 18 'Security is orthogonal to layers',
    - 19 'Orthogonal Security: Plumbings',
    - 22 'Still work to do.'.

-  'Unicore : A European Grid Technology' by Shiraz MEMON, in particular 
slide 7 'Standards in Unicore 6'

-  'The NorduGrid/ARC perspective', in particular slides 21 and 22 
'Security capability: Wishlist'

-  'Conformance Targets for Simple PGI Communication' of GENESIS


Interoperability absolutely requires that :

1) Trust stores (for roots of trust) and Authz Repositories (like 
'gridmap' files) have exactly the same semantic content (even if syntax 
can differ), and are carefully distributed to all sites.

2) VOMS attributes specified inside X509 proxies and inside SAML 
assertions have the same semantics, in order to permit translation in 
both directions.

3) Restrictions/Constraints specified inside X509 proxies and inside 
SAML assertions have the same semantics, in order to permit translation 
in both directions.

4) Endpoints are specified in compliance with GLUE 2.


So, I suggest using the presentation 'Conformance Targets for Simple 
PGI Communication' of GENESIS as the basis document for our work.


We first have to agree on at least the above points inside 1 or more 
Security Profiles (Semantic, Repositories, X509 syntax, SAML syntax).

Then we can successfully apply SECURITY and GLUE to improve JSDL, BES 
and Data transfer & management.


Meanwhile, I thank Johannes WATZL in advance for uploading the minutes 
of the PGI sessions (in particular the remote speech by Duane MERRIL).

Besides, at OGF25, Joni HAHKALA of CERN (tel +41 22 76 76179) 
Joni.Hahkala at cern.ch explained to me that gLite proxy restriction 
attributes are developed by himself.


Best regards.

----------------------------------
Etienne URBAH          IN2P3 - LAL
Bat 200     91898 ORSAY     France
Tel: +33 1 64 46 84 87
Mob: +33 6 22 30 53 27
Skype: etienne.urbah
mailto:urbah at lal.in2p3.fr
----------------------------------


On Thu, 12 Mar 2009, m.riedel at fz-juelich.de wrote:
> Hi PGI team,
> 
> I think it would be quite valuable to have a short telcon tomorrow
> debriefing OGF25 - I'm happy to chair this telcon if the community is
> interested.
> 
> I think we clearly have to review our strategy and thus numerous comments
> might be beneficial?
> 
> Possible agenda might be:
> 
> (1)
> OGF25 Summarizing shortly our sessions
> 
> (2)
> Addressing Comments: Liaisons with other working groups: SRM, JSDL, BES,
> etc.
> 
> (3)
> Addressing Comments: (possible) Prioritization to focus efforts:
> (i)
> Clearly security breaks everything - so let's foster security
> (ii)
> bes/glue then
> (iii)
> data issues
> 
> (4)
> Addressing Comments: production Grids and driving forces of PGI (small
> fish vs. big fish)
> 
> (5)
> Other comments by participants of the TelCon
> 
> (6)
> AOB
> 
> 
> 
> Honestly, I don't feel comfortable without having talked about this this
> week - and I would be happy if we can directly dive into our problems
> instead of shifting it... ;-)
> 
> 
> 
> I suggest the usual timeslot w/o talking about technical issues but rather
> about our roadmap and steps forward - let's not lose time...
> 
> How does this sound?
> 
> 
> 
> 
> Take care,
> Morris
> 
> 
> 
> --------------------------------------------------------------------------------
> Morris Riedel
> SW - Engineer
> Distributed Systems and Grid Computing Division
> Central Institute of Applied Mathematics
> Research Centre Juelich
> Wilhelm-Johnen-Str. 1
> D - 52425 Juelich
> Germany
> 
> Email:  m.riedel at fz-juelich.de
> Info: http://www.fz-juelich.de/zam/ZAMPeople/riedel
> 
> Phone: +49 2461 61 - 3651
> Fax: +49 2461 61 - 6656
> 
> Skype: MorrisRiedel




