
Hi Jens, others,

Brian and I are having discussions about extensions to the XACML interoperability profile
http://www.ogf.org/documents/GFD.205.pdf
(or https://redmine.ogf.org/dmsf/fedsec-cg?folder_id=6535)

How should we go about this? We're currently still discussing possible ways of adapting, but ultimately it should lead to a new standard we both want to adopt. If I understood correctly, GFD.205 was mostly guided within the fedsec group.

Secondly, together with John White, I hope to write an XACML profile aimed at provisioning and managing virtual machines.

Some background: we -- Nikhef -- have developed an XACML-talking 'Execution Environment Service' that can run as backend to the EMI Argus service [1]. It typically runs one or more plugins to do the hard work, and John White has been developing an OpenStack plugin which should be able to boot up VMs with proper authorization. In order for this to all work, we need to develop a new profile for passing information around, such as user identities, VM hostnames etc., new action and resource attributes and ways to encapsulate the authorization policies. As far as I know, this is pretty much uncharted territory.

Again, what would be the best way to start with this?

Cheers,
Mischa

[1] Design of the Execution Environment Service
    https://edms.cern.ch/document/1018216/1

--
Nikhef                      Room  H155
Science Park 105            Tel.  +31-20-592 5102
1098 XG Amsterdam           Fax   +31-20-592 5155
The Netherlands             Email msalle@nikhef.nl
  __ .. ... _._. .... ._  ... ._ ._.. ._.. .._..