[Pgi-wg] Teleconference tomorrow, March 13th - Security
Andrew Grimshaw
grimshaw at virginia.edu
Thu Mar 12 10:01:36 CDT 2009
All,
A minor correction,
> - 'Conformance Targets for Simple PGI Communication' of GENESIS
Was written by us, but does not describe our implementation. It was an
attempt to create a strawman for PGI that matched what everyone was saying
in vague terms into more concrete terms.
A
-----Original Message-----
From: pgi-wg-bounces at ogf.org [mailto:pgi-wg-bounces at ogf.org] On Behalf Of
Etienne URBAH
Sent: Thursday, March 12, 2009 10:20 AM
To: Morris RIEDEL
Cc: pgi-wg at ogf.org; edges-na3 at mail.edges-grid.eu
Subject: Re: [Pgi-wg] Teleconference tomorrow, March 13th - Security
Morris,
Concerning PGI, I completely agree with you :
Even if the original use case was focused on data staging,
SECURITY is the basis for everything.
Taking as input following presentations :
- 'PGI Reference Model' by yourself, in particular slides :
- 18 'Security is orthogonal to layers,
- 19 'Orthogonal Security: Plumbings',
- 22 'Still work to do.'.
- 'Unicore : A European Grid Technology' by Shiraz MEMON, in particular
slide 7 'Standards in Unicore 6'
- 'The NorduGrid/ARC perspective', in particular slides 21 and 22
'Security capability: Wishlist'
- 'Conformance Targets for Simple PGI Communication' of GENESIS
Interoperability absolutely requires that :
1) Trust stores (for roots of trust) and Authz Repositories (like
'gridmap' files) have exactly the same semantic content (even if syntax
can differ), and are carefully distributed to all sites.
2) VOMS attributes specified inside X509 proxies and inside SAML
assertions have the same semantics, in order to permit translation in
both directions.
3) Restrictions/Constraints specified inside X509 proxies and inside
SAML assertions have the same semantics, in order to permit translation
in both directions.
4) Endpoints are specified in compliance with GLUE 2.
So, I suggest to use the presentation 'Conformance Targets for Simple
PGI Communication' of GENESIS as the basis document for our work.
We have first to agree on at least the above points inside 1 or more
Security Profiles (Semantic, Repositories, X509 syntax, SAML syntax).
Then we can successfully apply SECURITY and GLUE to improve JSDL, BES
and Data transfer & management.
Meanwhile, I thank Johannes WATZL in advance for uploading the minutes
of the PGI sessions (in particular the remote speech by Duane MERRIL).
Besides, at OGF25, Joni HAHKALA of CERN (tel +41 22 76 76179)
Joni.Hahkala at cern.ch explained to me that gLite proxy restriction
attributes are developed by himself.
Best regards.
----------------------------------
Etienne URBAH IN2P3 - LAL
Bat 200 91898 ORSAY France
Tel: +33 1 64 46 84 87
Mob: +33 6 22 30 53 27
Skype: etienne.urbah
mailto:urbah at lal.in2p3.fr
----------------------------------
On Thu, 12 Mar 2009, m.riedel at fz-juelich.de wrote:
> Hi PGI team,
>
> I think it would be quite valuable to have a short telcon tomorrow
debriefing OGF25 - I'm happy to chair this telcon if the community is
interested.
>
> I think we clearly have to review our strategy and thus numerous comments
might be beneficial?
>
> Possible agenda might be:
>
> (1)
> OGF25 Summarizing shortly our sessions
>
> (2)
> Addressing Comments: Liasons with other working groups: SRM, JSDL, BES,
etc.
>
> (3)
> Addressing Comments: (possible) Prioritization to focus efforts:
> (i)
> Clearly security breaks everything - so lets foster security
> (ii)
> bes/glue then
> (iii)
> data issues
>
> (4)
> Addressing Comments: production Grids and driving forces of PGI (small
fish vs. big fish)
>
> (5)
> Other comments by participants of the TelCon
>
> (6)
> AOB
>
>
>
> Honestly, I don't feel comfortable without having talked about this this
week - and I would be happy if we can directly dive into our problems
instead of shifting it... ;-)
>
>
>
> I suggest the usual timeslot w/o talking about technical issues but rather
about our roadmap and steps forward - let's not loose time...
>
> How does this sound?
>
>
>
>
> Take care,
> Morris
>
>
>
>
----------------------------------------------------------------------------
----
> Morris Riedel
> SW - Engineer
> Distributed Systems and Grid Computing Division
> Central Institute of Applied Mathematics
> Research Centre Juelich
> Wilhelm-Johnen-Str. 1
> D - 52425 Juelich
> Germany
>
> Email: m.riedel at fz-juelich.de
> Info: http://www.fz-juelich.de/zam/ZAMPeople/riedel
>
> Phone: +49 2461 61 - 3651
> Fax: +49 2461 61 - 6656
>
> Skype: MorrisRiedel
More information about the Pgi-wg
mailing list