[Pgi-wg] OGF PGI - Security Strawman

Fri Mar 27 08:43:52 CDT 2009

Hi,

>- Currently all sentence are read on this mailing lists looked like
requiring only listed options to be used for authorization. And this is
wrong from my point of view.

I refer to two different plumbings nothing more. This already narrows down
the thousand other possibilities...

Take care,
Morris

------------------------------------------------------------
Morris Riedel
SW - Engineer
Distributed Systems and Grid Computing Division
Jülich Supercomputing Centre (JSC)
Forschungszentrum Juelich
Wilhelm-Johnen-Str. 1
D - 52425 Juelich
Germany

Email: m.riedel at fz-juelich.de
Info: http://www.fz-juelich.de/jsc/JSCPeople/riedel
Phone: +49 2461 61 - 3651
Fax: +49 2461 61 - 6656

Skype: MorrisRiedel

"We work to better ourselves, and the rest of humanity"

Sitz der Gesellschaft: Jülich
Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498
Vorsitzende des Aufsichtsrats: MinDirig'in Bärbel Brumme-Bothe
Vorstand: Prof. Dr. Achim Bachem (Vorsitzender), 
Dr. Ulrich Krafft (stellv. Vorsitzender)

>------Original Message-----
>-From: Aleksandr Konstantinov [mailto:aleksandr.konstantinov at fys.uio.no]
>-Sent: Friday, March 27, 2009 2:40 PM
>-To: Morris Riedel
>-Cc: pgi-wg at ogf.org
>-Subject: Re: [Pgi-wg] OGF PGI - Security Strawman
>-
>-On Friday 27 March 2009 14:39, Morris Riedel wrote:
>-> But Aleksandr - I think we all agree to the VOMS scenario  - come on
that’s
>-> something where we can't go currently... :-)
>-
>-As I already said I'm not suggesting to profile other information whihc
can be used
>-for authorization.
>-I said that such information should not be disallowed. Just write profile
in such way
>-that other options
>-are up to deployment. Currently all sentence are read on this mailing
lists looked like
>-requiring only
>-listed options to be used for authorization. And this is wrong from my
point of view.
>-
>-
>-A.K.
>-
>-
>-
>->
>-> ------------------------------------------------------------
>-> Morris Riedel
>-> SW - Engineer
>-> Distributed Systems and Grid Computing Division
>-> Jülich Supercomputing Centre (JSC)
>-> Forschungszentrum Juelich
>-> Wilhelm-Johnen-Str. 1
>-> D - 52425 Juelich
>-> Germany
>->
>-> Email: m.riedel at fz-juelich.de
>-> Info: http://www.fz-juelich.de/jsc/JSCPeople/riedel
>-> Phone: +49 2461 61 - 3651
>-> Fax: +49 2461 61 - 6656
>->
>-> Skype: MorrisRiedel
>->
>-> "We work to better ourselves, and the rest of humanity"
>->
>-> Sitz der Gesellschaft: Jülich
>-> Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498
>-> Vorsitzende des Aufsichtsrats: MinDirig'in Bärbel Brumme-Bothe
>-> Vorstand: Prof. Dr. Achim Bachem (Vorsitzender),
>-> Dr. Ulrich Krafft (stellv. Vorsitzender)
>->
>->
>-> >------Original Message-----
>-> >-From: Aleksandr Konstantinov
[mailto:aleksandr.konstantinov at fys.uio.no]
>-> >-Sent: Friday, March 27, 2009 1:29 PM
>-> >-To: Morris Riedel
>-> >-Subject: Re: [Pgi-wg] OGF PGI - Security Strawman
>-> >-
>-> >-On Friday 27 March 2009 12:24, you wrote:
>-> >-> Aleksandr,
>-> >->
>-> >->   could you give me one example for this:
>-> >->
>-> >-> >- I do support idea of attribute based authorization. But can't
>-> understand
>-> >-> why other information authenticating the client should be disallowed
>-> from
>-> >-> making authorization decision.
>-> >->
>-> >->
>-> >-> I seek to understand what you mean.
>-> >-
>-> >-
>-> >-Most brutal example would be DN of X.509 certificate.
>-> >-More sophisticated could be distrust of specific computing resource
for
>-> specific
>-> >-VOMS service.
>-> >-
>-> >-A.K.
>->
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3550 bytes
Desc: not available
Url : http://www.ogf.org/pipermail/pgi-wg/attachments/20090327/b3af5e1d/attachment.bin 