Below, the IDEL Charter as submitted 14 March after the Security BoF (http://www.ogf.org/gf/event_schedule/index.php?id=2474)

Mike

---------- Forwarded Message ----------

Subject: Charter for IDEL
Date: Wednesday 14 March 2012, 14:44:43
From: Paul Millar <paul.millar@desy.de>
To: Jens Jensen <j.jensen.ral@gmail.com>

Hi Jens

Here's the charter

Cheers,

Paul.

---

Charter for IDEL

Date 2012-03-14

Group Abbreviation: IDEL
Group Name: Identity Delegation
Area: Security
Group Leadership: Paul Millar, Mike Jones IDEL Chair

Group Summary:

The IDEL group explores issues related to identity delegation, a process where a party obtains credentials from another party that allow the first party to assert that operations are conducted with the identity of the second party.

Charter Focus/Purpose and Scope:

There are two main purposes of the group. First, to collect the experience of communities that have already established methods of supporting identity delegation, which includes identity delegation performed during the handshake. This will include support for expressing and handling restrictions on the use of the delegated credential. Second, to define profiles for implementing the restrictions and standards that define an abstract identity delegation protocol and profiles for RESTful and SOAP.

Exit Strategy:

The group will finish when the goals/deliverables are completed.

Goals/Deliverables:

The group will write/define:

o a document describing collected input from interesting parties,
o protocol for achieving identity delegation and corresponding profile documents.
o An experiences document describing the adoption of the protocol and profiles by the various interested communities.

Seven Questions:

1. Is the scope of the proposed group sufficiently focused?

Yes. The group is focused on exploring issues related to credential delegation, such as how credentials may be delegated to an agent to allow that agent to work on behalf of the delegator. Another example is investigating how restrictions are expressed and handled. The main focus will be on establishing current approaches adopted by existing software stacks and a recommendation for a common approach.

2. Are the topics that the group plans to address clear and relevant for the Grid research, development, industrial, implementation, and/or application user community?

Yes. Identity delegation is already widely used by several communities, but different mechanisms cause interoperability issues.

3. Will the formation of the group foster (consensus-based) work that would not be done otherwise?

Yes, there are several organisations and software providers that are currently working in isolation. By establishing this group, these organisations will have a forum to share ideas and establish a common concept of delegation.

4. Do the group's activities overlap inappropriately with those of another OGF group or to a group active in another organization such as IETF or W3C?

There is no other OGF group that has direct impact on delegation and such an activity is currently not being worked on by IETF and W3C.

5. Are there sufficient interest and expertise in the group's topic, with at least several people willing to expend the effort that is likely to produce significant results over time?

There is interest from the European Middleware Initiative Project (EMI), the Initiative for Globus in Europe (IGE), the International Virtual Observatory Alliance (IVOA), eXtreme Science and Engineering Discovery Environment (XSEDE) and European Desktop Grid Initiative (EDGI).

6. Does a base of interested consumers (e.g., application developers, Grid system implementers, industry partners, end-users) appear to exist for the planned work?

Yes. There are existing users of delegation that have adopted bespoke solutions. The different areas have adopted incompatible approaches. Communities are likely to want interoperating libraries to satisfy their authentication requirements.

7. Does the OGF have a reasonable role to play in the determination of the technology?

Yes. We are consolidating and augmenting existing approaches to identity delegation. The current situation is one where no standard approach exists. This lack of a standard means that there is no interoperability between different software stacks. Multiple, well-adopted implementations of the same protocol do not exist.