Hi team,

Here are the minutes of the teleconf today.
Please review them and point out where the record is not correct, if any.

They are also available at Gridforge:
https://forge.gridforum.org/projects/acs-wg/document/minutes-20050518/en/1

See you next week!

Regards,
Sachiko

======================================================================
ACS Teleconference
-----------------------------------------------------------------------
Date and Time:
  May 18 20:00-21:20 EST 2005 / May 19 9:00-10:20 JST, 2005

Participants:
  Keisuke Fukui (Fujitsu)
  Peter Ziu (Northrop)
  Thomas Studwell (IBM)
  Michael Behrens (R2AD)
  Sachiko Wada (ASCADE) - minutes
------------------------------------------------------------------------

** Topics

1. Agenda bashing, roll call, note taker & time keeper. (10min)

2. Planning for the face-to-face. (30 min)

   Starting time:
   - first day: 10:00 a.m.
   - second day: 8:00 a.m.

   Details about the facility and how to enter it will be announced
   later by Pete.

   Agenda items:

-------(start of f2f agenda)
Proposed Timetable for the face-to-face meeting on May 23 and 24

*** DAY 1 ***

1. Agenda bashing, roll call, note taker & time keeper. (10min)

2. OASIS SDD TC updates (1 hour)
   - history
   - plan and milestones
   - relationship to GGF CDDLM-WG
   - collaboration with ACS-WG; scope, participation ...

   Owner: Tom
   Time allocation: (45 min)
   Action:

3. ACS issues list overview (1 hour)
   - Itemization
   - Use of the tracker in gridforge.

   Also to review the requirements description to be merged into the
   WG draft spec.

   Owner: Keisuke
   Time allocation: 1 hour
   Action: Keisuke will make a draft of issues list by F2F.
           Everybody, to append missed items if there are any.

4. Interface between ACS and CDDLM. (1 hour)
   - Summary report on CDDLM component model.
   - "addFile" in CDDLM deployment API.
     There are two possible mappings (relationship) between them and
     ACS/ARI.

   Owner: Keisuke and Sachiko
   Time allocation: 1 hour
   Action: Everybody, provide with relevant information.

5. Security (1 hour)
   - General understanding on the range of the security topics in ACS.
   - Minimum requirements on ACS spec.
   - (There are multiple and extensive topics and issues in security
     area. To what extent, we need to address those. Authentication,
     authorization, encryption, digital signature, etc..)

   possible topics
   - access control
   - signature
   - on which specification will ACS depend?
   - 'safe' ?

   Owner: Mike
   Time allocation: 30 min (Mike will post the required time)
   Action: Mike is asking somebody to join the meeting to discuss
           about this.

6. Other items in issues list (0.5 hour)
   - Specification on the data transport to be used with ACS.
   - WSDM management interface in ACS.
   - Updates on OGSA naming activity.

   Owner: Mike
   Time allocation: 30 min.
   Action: Everybody, to provide with relevant information.

7. New use cases (1 hour)
   - Shipping
   - Federation

   - Mike will present 15 min slides on his use case.
   - use cases for supplying to SDD (or talk about this in session 2)
     Tom will present the existing SDD use cases.
   - naregi
     Keisuke asked them to write their use case.
     NAREGI team cannot attend this session but they will attend
     first session of 2nd day.

   Owner: Mike
   Time allocation: (need more than 1 hour)
   Action: Keisuke, to get information from NAREGI PSE team in advance.

8. Interoperability Goal (1 hour)
   - Target systems.
   - Range or scope.

   other activities which may have relationship with ACS
   - EGA
   - EGEE
   - OMII

   Owner: Keisuke
   Time allocation:
   Action: Everybody, to provide with relevant information.

*** DAY 2 ***

9. NAREGI integration (1 hour)
   - Use case description in the WG draft.
   - ACS interface example to NAREGI type of deployment engine.
   - Requirements 1: multiple compiled binaries in ACS.
   - Requirements 2: data caching in ACS.

   NAREGI team will attend over the phone.

   Owner: Keisuke
   Time allocation:
   Action: Keisuke, to arrange a call bridge.

10. WG draft writing plan. (1 hour)
    - Review of the table of contents.
    - Editorial work.
    - Drafting additional contents, for example, new use cases,
      security requirements, ARI interface detail including WSDL,
      AAF in detail.

    Owner: Keisuke
    Time allocation:
    Action:

11. GGF14 session plan (1 hour)
    - Deadlines
      Draft document deadline: May 27, 2005
      Session request deadline: June 3, 2005
    - Chairs update - critical updates and training: Monday, 27 June 2005

    - avoid conflicting with CDDLM/WSDM joint session

    Owner: Keisuke

12. Management and/or strategy in the ACS activity. (1 hour)
    - Regular teleconference
    - Recruiting in the European Grid community.

    Owner: Keisuke

13. OGSA roadmap report and SCRM collaboration (1 hour)

    - expected users
    - referenced specifications

    Owner: Mike

-------(end of f2f agenda)

   Keisuke will revise the time table and post it on the acs-wg list.

3. Updates (10 min)
   no updates

4. Wrap up. (5 min)

I got one confirmation for a presentation on the shipping use-case for
Tuesday 2pm, for perhaps 20 minutes + 10 minutes to discuss. I have his
slides already. I hope that is okay - the person presenting is not
available Monday, so Tuesday afternoon made sense. Would that be okay?

I also spoke with a security guru today about talking with us about
network PKI based protocols. He's available, however I'm still waiting
for a "definite" confirmation from him. I also will draft up some
general information which might help us navigate through the various
standards.

I'm looking forward to next week!

--
Michael Behrens
R2AD, LLC
(571) 594-3008 (cell) *new*
(703) 714-0442 (land)

Mike and folks,

Thanks Mike for your efforts.

For the use cases, I believe we'd like to cover existing use cases for
SDD and NAREGI PSE. We also discuss sharing them with SDD. Do you want
to move the whole discussion into day 2? Otherwise, I'd have it split
across both days so that we can cover some in day 1.

Assuming that, attached is the tentative time table. Feel free to make
comments.

Note: I am waiting for a response whether NAREGI PSE team can provide
us with the information that we can discuss in day 1.

-Keisuke

Michael Behrens wrote:

> I got one confirmation for a presentation on the shipping use-case for
> Tuesday 2pm, for perhaps 20 minutes + 10 minutes to discuss. I have his
> slides already. I hope that is okay - the person presenting is not
> available Monday, so Tuesday afternoon made sense. Would that be okay?
>
> I also spoke with a security guru today about talking with us about
> network PKI based protocols. He's available, however I'm still waiting
> for a "definite" confirmation from him. I also will draft up some
> general information which might help us navigate through the various
> standards.
>
> I'm looking forward to next week!

Proposed Timetable for the face-to-face meeting on May 23 and 24 (Rev. 2)

Legend:
Time  Item (Owner; time slot)

*** DAY 1 ***

10:00 Agenda bashing, roll call, note taker & time keeper. (KF; 10 min)

10:10 OASIS SDD TC updates (Tom; 45 min)
      - history
      - plan and milestones
      - relationship to GGF CDDLM-WG
      - collaboration with ACS-WG; scope, participation ...

10:55 Break

11:10 ACS requirements and issues list overview (KF; 1 hour)
      - Review the requirements description to be merged into the
        WG draft spec.
      - Itemize, prioritize and the issues in a list
      - Use of the tracker in gridforge.
      Action: Keisuke will make a draft of issues list by F2F.
              Everybody, to append missed items if there are any.

12:10 Interface between ACS and CDDLM. (KF and Sachiko; 1 hour)
      - Summary report on CDDLM component model.
      - "addFile" in CDDLM deployment API.
        There are two possible mappings (relationship) between them
        and ACS/ARI.
      Action: Everybody, provide with relevant information.

13:10 Lunch break

14:30 Security (Mike; 30 min)
      - General understanding on the range of the security topics in ACS.
      - Minimum requirements on ACS spec.
      - (There are multiple and extensive topics and issues in security
        area. To what extent, we need to address those. Authentication,
        authorization, encryption, digital signature, etc..)

15:00 Other items in issues list (Mike; 30 min)
      - WSDM management interface in ACS.
      - Updates on OGSA naming activity.
      - Specification on the data transport to be used with ACS.

15:30 Interoperability Goal (KF; 1 hour)
      - Other activities which may have relationship with ACS
        - EGA, EGEE, OMII, etc.
      - Define target systems and scope.
      Homework: Everybody, to provide with relevant information.

16:00 Use case (Mike; 30 min)
      - Current SDD and candidates, naregi.

16:30 Wrap up day 1 and planning for next day (KF; 30 min)

17:00 end of day 1
      ## Why don't we go to dinner together?

*** DAY 2 ***

8:00  NAREGI integration (KF; 1 hour)
      - Use case description in the WG draft.
      - ACS interface example to NAREGI type of deployment engine.
      - Requirements 1: multiple compiled binaries in ACS.
      - Requirements 2: data caching in ACS.
      Homework: Keisuke, to arrange a call bridge.

9:00  WG draft writing plan. (KF; 1 hour)
      - Review of the table of contents.
      - Editorial work.
      - Drafting additional contents, for example, new use cases,
        security requirements, ARI interface detail including WSDL,
        AAF in detail.

10:00 GGF14 session plan (KF; 1 hour)
      - avoid conflicting with CDDLM/WSDM joint session
      - Deadlines
        Draft document deadline: May 27, 2005
        Session request deadline: June 3, 2005
      - Chairs update - critical updates and training: Monday, 27 June 2005

11:00 Management and/or strategy in the ACS activity. (KF; 1 hour)
      - Regular teleconference
      - Recruiting in the European Grid community.

12:00 Lunch break

13:00 New use cases (Mike; 1 hour)
      # split and moved from day 1 per Mike's request.
      - Shipping
      - Federation

14:00 OGSA roadmap report and SCRM collaboration (Mike; 1 hour)
      - expected users
      - referenced specifications

15:00 Wrap up F2F meeting and review of action items.

I wrote my personal note on security descriptions in ACS spec.
This might be too primitive, but in case we lost where we start.
Maybe after the presentation by the security expert...

-Keisuke

Michael Behrens wrote:

> I also spoke with a security guru today about talking with us about
> network PKI based protocols. He's available, however I'm still waiting
> for a "definite" confirmation from him. I also will draft up some
> general information which might help us navigate through the various
> standards.
>
> I'm looking forward to next week!

See you there!

Notes on security descriptions in ACS spec.

The requirements and capabilities in the security area extend to a
broad range. They include, but are not limited to: IDENTIFICATION,
AUTHENTICATION, AUTHORIZATION, CONFIDENTIALITY, DATA INTEGRITY, AUDIT,
DATA DISPOSAL, SYSTEM INTEGRITY.

Not all of these need to be specified by the ACS specification, nor can
they be achieved only by the ACS. Rather, many should be specified
system-wide and designed as a system so that the system fulfills the
requirements throughout the lifecycle of the whole use case. Having a
security service inside a system and letting it control, monitor and
provide the common capability to the services in a system would be a
good idea that can cover most of them in one place.

Nevertheless, some of these specifications or requirements might be
better considered per each service, since those may result in more
appropriate or effective requirement analysis. Also, presenting a
recommendation among the options and/or defining the minimum set of the
requirements would be worthwhile.

One example is the signing mechanism that ensures the data integrity
for the Application Archive Format. It can detect unexpected
modifications of the archive, in case an unwanted third party made
alterations to the archive. There can be multiple relevant technologies
to implement it. To achieve the maximum interoperability between
implementations it might be better to have a smaller number of standard
ways. If we are sure which is the most suitable one, we can recommend
one or require it. On the other hand, we might leave it to system
designers and/or wait till the de facto standard is established. All
that depends on how sure we are that it is correct.

Anyway, we need to at least find and define the minimum set of the
requirements. And we cannot simply include all specifications in the
security area. The specification should define what the minimum
requirements are to maintain the data integrity for the AAF.

Appendix A. Summarized overview of the security criteria

The Master Security Criteria V.3 summarizes these as below:

Identification
   Identification is the process of recognizing a user's unambiguous
   and auditable identity with the help of an identifier that is
   typically referred to as the user-ID. In general, the user-ID need
   not be confidential. It is the unambiguous name of a user through
   which the user can be held accountable. As such, all actions
   initiated by a user need to be associated with the corresponding
   user-ID.

Authentication
   Authentication is the process of verifying the claimed identity of a
   user. Depending on the system and the application, different kinds
   of authenticators can include passwords, tokens, smart cards,
   key-based authenticators, voice recognition, and/or a retina scan.
   Regardless of what type is used, it is critically important to
   minimize the compromise of an authenticator.

Authorization
   The authorization feature is focused on the controls associated with
   establishment of a session with the system, invocation of
   operations- or services-oriented tasks, or the access of information
   while it is stored.

Confidentiality
   The confidentiality protection feature is focused on protecting
   sensitive information from unauthorized disclosure while the
   information is being generated, stored, manipulated or forwarded.

Data Integrity
   This feature is focused on preventing and detecting unauthorized
   modification of data that is associated with a user, the system
   itself, or the communications path.

Audit
   This feature has to provide adequate capabilities to investigate
   unauthorized activities after an event, so that the proper remedial
   action can be taken. This implies the recording of security-relevant
   events into an audit log that can be analyzed by the administrator.

Data Disposal
   This feature is focused on protecting sensitive information from
   unauthorized recovery and subsequent disclosure from internal system
   memory and storage after authorized use.

System Integrity
   This feature is focused on the functional integrity of the system,
   including the controlled creation, installation and operation of the
   system software and data.

Hi team,

Here are the minutes of the teleconf today.
Please review them and point out where the record is not correct, if any.

They are also available at Gridforge:
https://forge.gridforum.org/projects/acs-wg/document/minutes-20050602/en/1

Regards,
Sachiko

======================================================================
ACS Teleconference
-----------------------------------------------------------------------
Date and Time:
  June 2 20:10-20:50 EDT 2005 / June 3 9:10-9:50 JST, 2005

Participants:
  Keisuke Fukui (Fujitsu)
  Peter Ziu (Northrop)
  Michael Behrens (R2AD)
  Sachiko Wada (ASCADE) - minutes
------------------------------------------------------------------------

* Wrap up for F2F
  - Review action items list and issues list

  AI-1: Sachiko, to post the proposed sequence for interaction with CDDLM.
        By next Monday.

  AI-2: All, to make comment on the sequence with CDDLM.
        After AI-1 done.

  AI-3: Tom, to propose a name for ARI interfaces (functions)
        Waiting for the update from Tom.

  AI-4: Tom, to send a SDD hierarchy info to NAREGI PSE team.
        To be done.
        Additionally Keisuke sent a related paper in Japanese.

  AI-5: Tom, to ask David Martin about reference implementation.
        Waiting for the update from Tom.

  AI-6: All, to review the current draft of the ACS specification.
        If there are any comments, send e-mail to the ml, then we can
        start discussion for each item.

  AI-7: Mike, to make a research on authentication/authorization.
        Mike is going to get comments from another expert on this issue.
        Will update at the next call.

  AI-8: Pete, to make a research on signature/integrity.
        Working.

  AI-9: Tom, to update the section of AAF in the current draft of the
        ACS spec.
        Waiting for the update from Tom.

  AI-10: Fukui, to send the request for two sessions in GGF14 by June 3.
         Done.

  AI-11: Fukui, to add "Clarify the requirements on version control" to
         the issues list.
         Done.
         Mike's Comment: Rollback capability may be implied but need
         not be required explicitly. Co-existence of two or more
         versions should be allowed.

  AI-12: Fukui, to check the possibility of a joint session with
         CDDLM-WG at GGF14.
         Done. (Dejan willingly accepted our offer)

  AI-13: Fukui, to register the reviewed draft of the ACS spec. by May 27.
         Done.

  Keisuke will register the AI and issues list to the gridforge
  document manager as a f2f output and to the tracker.

* Updates
  - SDD TC call by KF.
    There was a teleconf yesterday, and Tom was approved as a TC chair.

* GGF14 sessions
  - The latest information on the session slots is available at:
    https://forge.gridforum.org/tracker/?func=detail&atid=557&aid=1482&group_id=100
    https://forge.gridforum.org/tracker/?func=detail&atid=557&aid=1483&group_id=100

* Next call
  Date: Jun 8 Mon 20:00 EDT/Jun 9 Tue 9:00 JST
  Calling #: will be announced later

Sorry, the subject of the last mail was not correct... Sachiko