Below, the IDEL Charter as submitted 14 March after the Security BoF
(http://www.ogf.org/gf/event_schedule/index.php?id=2474)
Mike
---------- Forwarded Message ----------
Subject: Charter for IDEL
Date: Wednesday 14 March 2012, 14:44:43
From: Paul Millar <paul.millar(a)desy.de>
To: Jens Jensen <j.jensen.ral(a)gmail.com>
Hi Jens
Here's the charter
Cheers,
Paul.
---
Charter for IDEL
Date 2012-03-14
Group Abbreviation: IDEL
Group Name: Identity Delegation
Area: Security
Group Leadership: Paul Millar, Mike Jones
IDEL Chair
Group Summary:
The IDEL group explores issues related to identity delegation, a
process where a party obtains credentials from another party that
allow the first party to assert that operations are conducted with the
identity of the second party.
Charter Focus/Purpose and Scope:
There are two main purposes of the group.
First, to collect the experience of communities that have already
established methods of supporting identity delegation, which includes
identity delegation performed during the handshake. This will include
support for expressing and handling restrictions on the use of the
delegated credential.
Second, to define profiles for implementing the restrictions and
standards that define an abstract identity delegation protocol and
profiles for RESTful and SOAP.
Exit Strategy:
The group will finish when the goals/deliverables are completed.
Goals/Deliverables:
The group will write/define:
o a document describing collected input from
interesting parties,
o protocol for achieving identity delegation and
corresponding profile documents.
o An experiences document describing the adoption of
the protocol and profiles by the various interested
communities.
Seven Questions:
1. Is the scope of the proposed group sufficiently focused?
Yes. The group is focused on exploring issues related to credential
delegation, such as how credentials may be delegated to an agent to
allow that agent to work on behalf of the delegator. Another example
is investigating how restrictions are expressed and handled.
The main focus will be on establishing current approaches adopted by
existing software stacks and a recommendation for a common approach.
2. Are the topics that the group plans to address clear and relevant
for the Grid research, development, industrial, implementation,
and/or application user community?
Yes. Identity delegation is already widely used by several
communities, but different mechanisms cause interoperability issues.
3. Will the formation of the group foster (consensus-based) work that
would not be done otherwise?
Yes, there are several organisations and software providers that are
currently working in isolation. By establishing this group, these
organisations will have a forum to share ideas and establish a common
concept of delegation.
4. Do the group's activities overlap inappropriately with those of
another OGF group or to a group active in another organization such
as IETF or W3C?
There is no other OGF group that has direct impact on delegation and
such an activity is currently not being worked on by IETF and W3C.
5. Are there sufficient interest and expertise in the group's topic,
with at least several people willing to expend the effort that is
likely to produce significant results over time?
There is interest from the European Middleware Initiative Project
(EMI), the Initiative for Globus in Europe (IGE), the International
Virtual Observatory Alliance (IVOA), eXtreme Science and Engineering
Discovery Environment (XSEDE) and European Desktop Grid Initiative
(EDGI).
6. Does a base of interested consumers (e.g., application developers,
Grid system implementers, industry partners, end-users) appear to
exist for the planned work?
Yes. There are existing users of delegation that have adopted bespoke
solutions. The different areas have adopted incompatible approaches.
Communities are likely to want interoperating libraries to satisfy
their authentication requirements.
7. Does the OGF have a reasonable role to play in the determination of
the technology?
Yes. We are consolidating and augmenting existing approaches to
identity delegation.
The current situation is one where no standard approach exists. This
lack of standard means that there is no interoperability between
different software stacks. Multiple, well-adopted implementations of
the same protocol do not exist.
-----------------------------------------