Hi Mike, Jens,

On Thursday 11 August 2011 15:41:29 Mike Jones wrote:
Are we any closer to forming this group?
Apologies, again, for the rather lengthy delay.

I've developed a first draft of a possible charter for the group. I've not been involved with forming an OGF group before, so your experiences are invaluable. Could you have a look and see if it seems reasonable?

Cheers,

Paul.

---

Charter for XXXX

Date XXXX

Group Abbreviation: XXXX
Group Name: Delegation
Area: Security

Group Leadership:
XXX Chair
XXX Chair

Group Summary:

The <name/> group explores issues related to identity delegation, a process where a remote agent obtains credentials from some agent that allow the remote agent to identify that operations are conducted on behalf of the first agent.

Charter Focus/Purpose and Scope:

There are two main purposes of the group. First, to collect the experience of parties that have already established methods of supporting identity delegation. Second, to explore commonality between these methods and decide whether there is sufficient commonality between these approaches to identify some common aspect that may be codified.

This report may trigger further work in establishing a common standard that others may adopt; however, such work will be the responsibility of a subsequent group.

Exit Strategy:

The group will finish its work after collecting input from interesting parties and reporting on the possibility for establishing a common standard.

Goals/Deliverables:

One or more documents describing existing delegation systems.

A report describing whether or not commonality exists and advising whether establishing a group to devise some common activity is desirable.

Seven Questions:

1. Is the scope of the proposed group sufficiently focused?

Yes. The group is focused on exploring issues related to X509 certificates and how such credentials may be delegated to an agent to allow that agent to work on behalf of the delegator. The main focus will be on capturing information about existing implementations and establishing whether a common approach is feasible and desirable.

2. Are the topics that the group plans to address clear and relevant for the Grid research, development, industrial, implementation, and/or application user community?

Yes. The activity of delegation is rather simple and direct. The technique of delegation has wide-spread application on any distributed system that requires third-party involvement without implicit trust.

3. Will the formation of the group foster (consensus-based) work that would not be done otherwise?

Yes, there are several organisations that are currently working in isolation. By establishing this group, these organisations will have a forum to share ideas and establish a common concept of delegation.

4. Do the group's activities overlap inappropriately with those of another OGF group or to a group active in another organization such as IETF or W3C?

There is no other OGF group that has direct impact on delegation and such an activity is currently not being worked on by IETF and W3C.

5. Are there sufficient interest and expertise in the group's topic, with at least several people willing to expend the effort that is likely to produce significant results over time?

There is interest from the European Middleware Initiative Project (EMI), the Initiative for Globus in Europe and the International Virtual Observatory Alliance (IVOA). Additionally, others within the OGF Security area have expressed interest in the topic.

6. Does a base of interested consumers (e.g., application developers, Grid system implementers, industry partners, end-users) appear to exist for the planned work?

Yes. There are existing users of delegation that have adopted bespoke solutions; examples include Globus and EMI with their respective user-base. These different areas have adopted incompatible approaches.

7. Does the OGF have a reasonable role to play in the determination of the technology?

Yes. The current situation is one where no standard approach exists. This lack of standard means that there is no interoperability between different software stacks. In addition, for some bespoke solutions, multiple implementations of the same protocol do not exist.