[Pgi-wg] Sec: Agreement on attribute transport mechanismsforAttrAuthZ

Morris Riedel m.riedel at fz-juelich.de
Fri Mar 20 06:14:42 CDT 2009 

Hi,

 

>- My personal thinking is, since we are talking about PGI or
interoperability, we probably do need to change the current implementation
if it can not satisfy interoperability, while keeping the principle that the
change should be as little as possible. 

 

In terms of little changes I agree - but I consider PGI_TLS / PGI_GSI as
massive changes.

 

For instance, we have developed a UNICORE Gateway (for AuthN) that works
with PGI_TLS naturally - and PGI_GSI more recently providing of course not
FULL delegation support per hop, but proxies are supported on GSI-TLS level.

 

 

However, can we expect that you one contact a CREAM-BES any time soon with
full end-entity credentials or any other gLite component? Inherently,
because of forwarding mechanisms internally - proxies are necessary
probably.

 

But maybe that's my old interop* knowledge - so let's clarify again.

 

Some statements that need clarification:

 

Note: UNICORE can be contacted using PGI_TLS and PGI_GSI - the same is
planned for GENESIS-II as far as I remember.

 

 

Q: Do gLite also supports pure PGI_TLS apart from PGI_GSI?

 

 

Q: Do ARC also supports pure PGI_TLS apart from PGI_GSI?

 

 

Q: Do we really imply that PGI-compliance means that both PGI_GSI and pure
PGI_TLS have to be supported? Or we rather go the plumbing way of defining
either or as MANDATORY and as MAY both supported (two plumbings).

 

Thanks for clarification,

Morris

 

 

From: Steven Newhouse [mailto:Steven.Newhouse at cern.ch] 
Sent: Friday, March 20, 2009 11:49 AM
To: weizhong qiang; Morris Riedel
Cc: pgi-wg at ogf.org
Subject: RE: [Pgi-wg] Sec: Agreement on attribute transport
mechanismsforAttrAuthZ

 

My personal thinking is, since we are talking about PGI or interoperability,
we probably do need to change the current implementation if it can not
satisfy interoperability, while keeping the principle that the change should
be as little as possible. 

 

And to clearly describe the interoperability benefits that will be derived
(i.e. systems and communities) by making that change.

 

Steven

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.ogf.org/pipermail/pgi-wg/attachments/20090320/5577e72e/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3550 bytes
Desc: not available
Url : http://www.ogf.org/pipermail/pgi-wg/attachments/20090320/5577e72e/attachment.bin

More information about the Pgi-wg mailing list