[Pgi-wg] OGF PGI - Security Model
Moreno Marzolla
moreno.marzolla at pd.infn.it
Thu Mar 26 11:10:16 CDT 2009
Duane Merrill wrote:
> Forgive me for pushing my logic to the extreme; I do realize that
> ARC/gLite/Naregi are similar enough that they could be congealed to
> constitute a "grid island" with some degree of effort.
[...]
> The operative phrase being "the amount of effort we are willing to invest".
> Perhaps we should survey *that*.
This "all-or-nothing" attitude was precisely what I was trying to avoid
when I (and others like me) initially thought about having a small set
of different security profiles. There are simply things which we (and
others) can't change overnight, as we work on middlewares whose
development is constrained in different ways. There's not much that we
can do to change these constraints in the sort term. Sure, we could
develope a new (e.g.) CREAM-BES service which is completely unrelated
with the legacy CREAM, so that we can get rid of every legacy component
and implement whatever security mechanism we agree on. Whether we have
the resources to do that is a question I'm not entitled to answer, but
my guess is that we don't (again, things may change in the future).
So, achieving full interoperability between ARC/glite/naregi would be a
success for me. Knowing that, by only getting rid of VOMS proxies and
using SAML assertions we could get full interoperability with UNICORE
and other similar middlewares is equally a success. Having to build
adapters to translate (if possible) credentials in different formats is
a compromise which is more reasonable than having to wait for all the
middlewares of the world to move towards a common security
infrastructure. Maybe this will happen, but I don't know whether I will
stil be around by then.
Moreno.
--
Moreno Marzolla
INFN Sezione di Padova, via Marzolo 8, 35131 PADOVA, Italy
EMail: moreno.marzolla at pd.infn.it Phone: +39 049 8277103
WWW : http://www.dsi.unive.it/~marzolla Fax : +39 049 8756233
More information about the Pgi-wg
mailing list