[Pgi-wg] OGF PGI - Security Model

[Laurence Field]

Hi Duane,

I think that this is going to be the case, at least in the short term. 
The overall aim is to have interoperable infrastructures, at least to 
the point which is required by the use cases they have to support. 
However, if this hasn't happened in over 8 years of OGF, I don't think 
one working group can achieve it in 18 months.

The security model is the fundamental building block that needs to be 
agreed but we are very far from achieving this goal. What we can do is 
cluster around certain security models and move forward in other areas. 

The VOMS-style approach is one such cluster and we need to have a way of 
using this with BES. Others may need to define a way of working with 
SAML and BES etc. As you said, we can define these as separate profiles 
and point the cluster to the respective documents. Job Done.

Grid Islands will still be around but they will be larger and closer. We 
are attempting to bridge these islands one stepping stone at a time.  
BES is one more stone we would like in the water.

Laurence



Duane Merrill wrote:
> Forgive me for pushing my logic to the extreme; I do realize that 
> ARC/gLite/Naregi are similar enough that they could be congealed to 
> constitute a "grid island" with some degree of effort. 
>  
> My point is that the working group is still faced with a crisis of 
> identity: it is not about "production grid interoperability", but 
> rather about "A-type interoperability", "B-type interoperability", 
> "C-type interoperability" where {A, B, C, etc.} is the set of 
> credentialing schemes that, depending on the effort we are willing to 
> invest, may number as many as there are different middleware 
> implementations (no effort), or as few as one integrated scheme.
>  
> The operative phrase being "the amount of effort we are willing to 
> invest".  Perhaps we should survey /that/.
>  
> -Duane