[SECURITY-AREA] OGF Security Area Update December 2006

David Groep davidg at nikhef.nl
Mon Dec 4 10:45:48 CST 2006


Dear all,

Over the past few months, several new activities have started in the
OGF Security Area. With this Update, we would like to inform you about
these activities and at the same time foster coherency in the security area.
We hope you find this update useful and welcome any comments you have on
this kind of communication, and of course on any grid security related
activities.

Note also the OGF 19 early registration deadline of December 8 (Friday).
We hope that, with the activities listed below, the OGF 19 program will be
interesting and packed with security-related activities.

     Best regards,
     the Security ADs
     Blair Dillaway and David Groep.


In this update:

   - NEW: OGSA-AuthN Charter BoF to be held at OGF19
   - NEW: Activity discussion on Levels of Assurance issues
   - OGSA Basic Security Profile Core and Security Channel
   - OGSA-AuthZ-WG re-chartered
   - Firewall Issues RG documents and group directions
   - CAOPS Document progress and sessions

These updates will usually be sent to the <security-area at ogf.org> list,
to which you can subscribe via http://mailman.ogf.org/


OGSA-AuthN Charter BoF
----------------------
   The OGSA-AuthN group is currently being bootstrapped to look at
   technologies and mechanisms for authentication in the OGSA context.
   The group's focus will be on drafting the roadmap for OGSA
   authentication technologies, documenting existing authentication
   community practices, and looking at the issues surrounding AuthN delegation.
   The group and BoF are being organised and animated by Alan Sill of Texas Tech.

   Discussions on the exact scope of the group are currently ongoing on the
   BoF mailing list, and a BoF session will be held during OGF19. These
   discussions should result in a charter proposal being brought to the
   community at the BoF.

   It is explicitly a part of the charter for this group to work in a
   symmetrical manner with any OGSA-AuthZ work that may be needed for
   consistency in grid services.

   For more information
   Draft charter:
     http://www.ggf.org/gf/group_info/charter.php?review&group=OGSA-AuthN-WG
   Mailing list: ogsa-authn-bof at ogf.org
     http://www.ogf.org/mailman/listinfo/ogsa-authn-bof/


Topical BoF on Levels of Assurance (LoAs)
-----------------------------------------
   Ideas around "Levels of Assurance" have been receiving more and more
   attention, with the advance of federations and Authentication and
   Authorization infrastructures.

   "LoA is defined as the strength of authentication required for a service
   provider to be assured that a resource access is only granted to users whose
   identities have been verified. It reflects the degree of confidence in an
   authentication process used to establish the identity of an entity (an
   individual or a software component) to whom the credential was issued, and
   the degree of confidence that the entity using the credential is indeed the
   entity that the credential was issued to."

   Ning Zhang of Manchester University has taken the initiative to bring up
   the discussion on this activity in the OGF context.

   Examples of questions that this activity could address are:
   - What are the existing definitions of LoA suited to Grid or VO environments?
   - How to apply LoA to safeguard Grid services/resources?
   - Are some onerous registration requirements or special condition stipulations
     due to perceived inadequacies in the strength of authentication?
   - Are there any limitations in terms of user accessibility, scalability
     and interoperability?

   The activity can include discussion on how operational procedures affect LoA,
   how the various parameters and factors influence the overall LoA value in
   grid/VO environments, and come up with recommendations on how these factors
   can be taken into account. The purpose here is to consult, and to seek
   comments and feedback from, the communities concerned (including service
   providers, from e-Science, e-Business and e-Gov) on their views on the
   definition and applications of LoA in achieving fine-grained access control.

   Everyone interested in such an activity is extremely welcome to attend this
   activity BoF session.
   If there is sufficient interest within OGF, the BoF can also discuss how the
   activity is best embedded in the OGF organisation; it is not necessarily the
   aim of this BoF to result in a new research or working group.

   More information:
   Security Area Wiki:
https://forge.gridforum.org/sf/wiki/do/viewPage/projects.sec/wiki/LoAInitiative
   Document "e-Infrastructure Security: Levels of Assurance"
https://forge.gridforum.org/sf/sfmain/do/downloadAttachment/projects.sec/wiki/LoAInitiative?id=atch4300
   Discussion forum:
https://forge.gridforum.org/sf/discussion/do/listTopics/projects.sec/discussion.loa_activity_initiative



OGSA Basic Security Profile Core and Security Channel documents
---------------------------------------------------------------
   The updated version of the OGSA Basic Security Profile 1.0 - Core has
   entered WG final call and is available on GridForge:
 
https://forge.gridforum.org/sf/docman/do/downloadDocument/projects.ogsa-wg/docman.root.working_drafts.security_profile_1_0/doc13561/13

   The OGSA Security Profile 1.0 - Secure Channel document draft, discussing
   how to establish a secure channel in the OGSA context, has been revised and is
   now available at
 
https://forge.gridforum.org/sf/docman/do/downloadDocument/projects.ogsa-wg/docman.root.working_drafts.security_profile_1_0/doc13560/22


OGSA-AuthZ-WG re-chartered
--------------------------

   The OGSA-AuthZ Working Group has been rechartered and now addresses more
   advanced features that are required, such as obligations, decisions based on
   action parameters, policy management, dynamic delegation of authority,
   attribute schema exchanges etc.

   The new charter is available from
     http://www.ggf.org/gf/group_info/charter.php?review&group=OGSA-AuthZ-WG


Firewall Issues overview document published
-------------------------------------------
   This "Firewall Issues Overview" information track document by Ralph
   Niederberger et al. has been published as GFD-I.083. You can download it
   here:
     http://www.ggf.org/gf/docs/?final

   The middlebox technology overview and evaluation document is coming up next,
   and new documents are being considered on the mailing list.

   More information:
   Charter:
     http://www.ggf.org/gf/group_info/charter.php?review&group=FI-RG
   Mailing list: fi-rg at ogf.org
     http://www.ogf.org/mailman/listinfo/fi-rg/


CAOPS Documents and sessions
----------------------------
   CAOPS will hold two sessions during the upcoming OGF 19 event, of which
   one is traditionally dedicated to the International Grid Trust Federation
   (IGTF). Current draft documents include, for example, the Grid Certificate
   Profile, a comprehensive collection of the community knowledge on what
   works and does not work in an interoperable PKI geared to currently
   running grids.

   More information:
   Charter:
     http://www.ggf.org/gf/group_info/charter.php?review&group=CAOPS-WG
   International Grid Trust Federation
     http://www.gridpma.org/
   Grid Certificate Profile:
     https://forge.gridforum.org/sf/go/doc13741 (PDF)
     https://forge.gridforum.org/sf/go/doc13742 (MS Word)


-- 
David Groep

** National Institute for Nuclear and High Energy Physics, PDP/Grid group **
** Room: H1.56 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **


