Dear all,
please find attached my slides from yesterday's meeting
regards
David
--
*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick(a)kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://sec.cs.kent.ac.uk
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5
*****************************************************************
David - please send your slides to the list.
All - send comments or corrections to notes by Feb 24th, 2006.
Note taker: Von Welch
David Chadwick reminded participants of GGF IP policy and circulated
sign-up sheet.
Agenda:
1. Charter bashing
2. Document progress
3. Credential validation service
4. Discussion of issues
Document progress:
Attributes used in OGSI Authorization is GFD 59
Use of SAML for OGSI Authorization is in Final Editor Review
https://forge.gridforum.org/tracker/index.php?aid=1612
OGSI Authorization Requirements
https://forge.gridforum.org/tracker/index.php?aid=1613
VOMS Attribute documents
Just sent
Charter progress:
David reviewed charter that he had previously sent to email list.
http://www-unix.gridforum.org/mail_archive/ogsa-authz/2006/01/msg00015.html
David pointed out the first point of the new charter is to identify
the requirements and we are looking for representatives from key Grid
projects.
Limitations of current SAML protocol:
OSG/Privilege - found they needed obligation
Sinnot/NESC - found they needed fine-grained authorization for
large databases.
Olle mentioned the possible need for definition namespaces and
namespaces for VOMS attributes.
Yuri: we are attempting to connect our AAA authorization system to
GT authorization framework. Different model from PEP/PDP. Can't see
how GT authorization framework matches conceptual PDP/PEP model. Want
GT authorization developers to write document explaining their model.
Yuri: another issue - attribute management. Some attributes need
context.
David C.: That is in current SAML document, it's called environment.
Yuri: Is different. Context of request is different than environment.
David C.: Two points to consider for charter:
* implementors document how their implementations fit model. Can't
make this a requirement since we can't force implementors to write,
but should have it as a desired outcome.
* Context vs environment.
Credential Validation Service:
See David's slides.
Key point was "authentic" vs "valid" credentials.
Nate Klingenstein (I2): Forwarding attributes to home organization vs
Liberty Alliance account linking.
Meeting adjourned.