- ogsa-authz-wg - lists.ogf.org

OGSA-AuthN-WG charter effort: the Seven Questions
by Alan Sill 06 Nov '06

06 Nov '06

Dear colleagues, Apologies if you are getting these messages more than once due to cross-posting. Once the OGSA-AuthN work group is set up, it will have its own mailing list to which you will be able to subscribe if it is of interest, so that symptom will disappear soon. As a reminder, here are the answers that were presented to the OGSA- WG in response to the standard "seven questions" asked as part of the process of setting up a new group. Comments with respect to the authentication direction to be pursued by this group are welcome and recruited. Anything specific to the Birds-of-a-Feather session we are organizing on this topic for OGF-19 in North Carolina at the end of January is also welcome; we hope this will be a productive work group and BoF session. Alan Begin forwarded message: > From: Alan Sill <Alan.Sill(a)ttu.edu> > Date: October 26, 2006 9:24:27 AM CDT > To: Hiro Kishimoto <hiro.kishimoto(a)jp.fujitsu.com> > Cc: Alan Sill <Alan.Sill(a)ttu.edu>, ogsa-wg WG <ogsa-wg(a)ggf.org>, > David Groep <davidg(a)nikhef.nl>, Blair Dillaway <blaird(a)microsoft.com> > Subject: OGSA-AuthN-WG charter effort: the Seven Questions > > > On Oct 23, 2006, at 9:29 PM, Hiro Kishimoto wrote: > >> The Seven Questions >> >> 1. Is the scope of the proposed group sufficiently focused? > > The scope of the proposed group is strictly limited to > authentication technologies for use within grid services > architectures. As such, I believe it is sufficiently focused, > although the relation to corresponding activities in authorization > and in the activities of other work groups is important and clear. > >> 2. Are the topics that the group plans to address clear and >> relevant for >> the Grid research, development, industrial, implementation, and/or >> application user community? > > Authentication is a key security step in any chain of grid services > usage. Up to now, most grid applications have either used no > security (for testing purposes), a limited and often self-signed > configuration again mostly for testing purposes, or have had to > rely on pure deployment of X.509 technology infrastructures. Some > extensive community practice has grown up in the academic > community, especially with regard to deployment at and between the > large-scale national laboratories and universities on an > international basis, and siloed implementations exist within > industry, as well as some federal non-laboratory organizations. It > is a goal of this work group to document current practice and to > extend the standards basis for development of AuthN technologies > within all of the above communities. Another significant output > will be recommendations for future work in this area, taking into > account all relevant technological development in this area. > Interoperability will also be an important factor, of course. > >> 3. Will the formation of the group foster (consensus–based) work that >> would not be done otherwise? > > Yes. Several conversations on related technologies have sprung up > naturally within segments of the affected communities, as described > above. The existence of an OGSA AuthN work group would allow > concentration and coordination of these conversations and > recommendations in a context that is explicitly connected to the > overall OGSA standards effort. > >> 4. Do the group’s activities overlap inappropriately with those of >> another OGF group or to a group active in another organization >> such as >> IETF or W3C? Has the relationship, if any, to the Open Grid Services >> Architecture (OGSA) been determined? > > There is no other effort exclusively devoted to this task within > OGSA. Polling of the membership of other groups active in the > authentication and authorization areas has resulted in strong > support for the idea of a specific OGSA effort. Groups that have > been polled include the following: > > CA-Ops: Within the current OGF structure, this group is defined as > an operations group responsible for Certificate Authority standards > and participation. It is the parent body (in a historical sense) > of the IGTF described below. > > International Grid Trust Federation (IGTF): an independent body > comprised of three regional policy management authorities (PMAs) > with membership consisting of grid certificate authority providers > and (in some cases) relying parties with an interest in the > operational policies and procedures of the CA providers. The > primary mechanism of operation of the IGTF is through the > development and common accreditation of CAs against specific, > detailed CP/CPS statements within the context of Authentication > Profiles (APs); APs exist for "classic PKI" deployments as well as > short-lived credential and experimental services. Within the > context of the IGTF PMA charters, interest has been growing in > improving the variety and accessibility of grid authentication > methods while retaining the ability to work with existing grid > deployments with high security. > > OGSA-AuthZ: This group is focused on authorization technologies. A > variety of useful documents has been successfully produced through > various incarnations of this group to date. Its membership is > supportive of a corresponding OGSA-AuthN effort. > > Shibboleth for Grids BoF: This BoF was held at GGF-18 and its > activities are documented at the URL http://grid.ncsa.uiuc.edu/ > events/ggf18-shib-bof/ for reference. Although focused primarily > on authorization, Shibboleth technologies are consumers of > authentication information and a great deal of activity is being > devoted to understanding the interaction between Shibboleth and the > needs of grids. The participants in the BoF mailing list are > strongly supportive of an OGSA-AuthN effort. > >> 5. Are there sufficient interest and expertise in the group’s topic, >> with at least several people willing to expend the effort that is >> likely >> to produce significant results over time? > > Yes. A significant short-term effort should be exerted to identify > authors of the proposed documents and a co-chair in the near future. > >> 6. Does a base of interested consumers (e.g., application developers, >> Grid system implementers, industry partners, end-users) appear to >> exist >> for the planned work? > > Yes. The BoF planned for the next OGF meeting should provide > opportunities for organization of work in this area. > >> 7. Does the OGF have a reasonable role to play in the >> determination of >> the technology? > > Yes, as described above. One specific output of the group that > would be made possible by the OGF will be production of an OGF > document with recommended standards for OGSA-AUthN. > > Respectfully submitted, Alan Sill, Ph.D TIGRE Senior Scientist, High Performance Computing Center Adjunct Professor of Physics TTU ==================================================================== : Alan Sill, Texas Tech University Office: Admin 233, MS 4-1167 : : e-mail: Alan.Sill(a)ttu.edu ph. 806-742-4350 fax 806-742-4358 : ====================================================================

1 0

Planning attendance for OGF-19 BoF: OGSA-AuthN WG
by Alan Sill 06 Nov '06

06 Nov '06

I am working on the session form for OGF-19 for the BoF we would like to have on the OGSA-AuthN charter to set its initial direction and specific deliverables. Anyone who would like to give a talk, keeping in mind that the session is short, is welcome. A draft charter in short form for this group is at: http://www.ggf.org/gf/group_info/charter.php?review&group=OGSA-AuthN-WG and other related documents will be published shortly. If you are interested in working on the topic of authentication for OGSA grid services, please do contact me. All interested parties are welcome to this effort so we can keep grid services architecture authentication on a good design basis and in touch with the best current and future practices in the field. I am also specifically recruiting help in the form of co-conveners to help with the leadership of this work group. Please also welcome our new OGF Security Area Directors Blair Dillaway and David Groep, and give them the benefit of your communication on various related topics, and every possible cooperation, suggestions, work on documents and standards, etc. If you are going to be in North Carolina for the OGF-19 conference and are interested in these topics, I would like to hear from you. Best, Alan Alan Sill, Ph.D TIGRE Senior Scientist, High Performance Computing Center Adjunct Professor of Physics TTU ==================================================================== : Alan Sill, Texas Tech University Office: Admin 233, MS 4-1167 : : e-mail: Alan.Sill(a)ttu.edu ph. 806-742-4350 fax 806-742-4358 : ====================================================================

1 0

Next Telecon
by David Chadwick 01 Nov '06

01 Nov '06

Dear All the next teleconference is scheduled for Monday 16 October at the following times 7:00 US West Coast 10:00 US East Coast 15:00 UK 16:00 Europe 23:00 Japan Frank S circulated a set of numbers to be used in his last email message of 13 Sept. They are > Skype number is <skype:+99008275780044> > > > > If you want to use a regular phone in the US, call *#1-712-432-4000 with > > Conference Room Number: *5780044* It seems they have the following alternative "local" regular phone call-in numbers available for some European countries: Austria 0820 400 01562 Belgium 0703 59 984 France 0826 100 266 Germany 01805 00 7620 UK 0870 119 2350 I suggest the following provisional agenda 1. Discussion of updated CVS Requirements document (to be circulated soon) 2. Discussion of revised Authorisation Functional components doc (to be circulated soon) 3. Update on suggested changes to VOMS attribute profile 4. Update on documentation of GT4 interfaces 4. Any other topics? Once we can get reasonable agreements on 1 and 2 above, I would then like to move onto discussing protocols between the various authorisation components. But I suggest that this will be at the next telecon after this one. If you have any comments on the above prior to the telecom, please circulate the list regards David -- ***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security The Computing Laboratory, University of Kent, Canterbury, CT2 7NF Skype Name: davidwchadwick Tel: +44 1227 82 3221 Fax +44 1227 762 811 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick(a)kent.ac.uk Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html Research Web site: http://sec.cs.kent.ac.uk Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5 *****************************************************************

7 22

Fwd: OGSA-AuthN-WG charter effort: URL and the Seven Questions
by Alan Sill 26 Oct '06

26 Oct '06

Comments and input, volunteers for documents and co-conveners welcome. BoF will be at OGF-19. See also http://www.ggf.org/gf/group_info/charter.php?review&group=OGSA-AuthN-WG Again, comments welcome. Best, Alan Begin forwarded message: > From: Alan Sill <Alan.Sill(a)ttu.edu> > Date: October 26, 2006 9:24:27 AM CDT > To: Hiro Kishimoto <hiro.kishimoto(a)jp.fujitsu.com> > Cc: Alan Sill <Alan.Sill(a)ttu.edu>, ogsa-wg WG <ogsa-wg(a)ggf.org>, > David Groep <davidg(a)nikhef.nl>, Blair Dillaway <blaird(a)microsoft.com> > Subject: OGSA-AuthN-WG charter effort: the Seven Questions > > > On Oct 23, 2006, at 9:29 PM, Hiro Kishimoto wrote: > >> The Seven Questions >> >> 1. Is the scope of the proposed group sufficiently focused? > > The scope of the proposed group is strictly limited to > authentication technologies for use within grid services > architectures. As such, I believe it is sufficiently focused, > although the relation to corresponding activities in authorization > and in the activities of other work groups is important and clear. > >> 2. Are the topics that the group plans to address clear and >> relevant for >> the Grid research, development, industrial, implementation, and/or >> application user community? > > Authentication is a key security step in any chain of grid services > usage. Up to now, most grid applications have either used no > security (for testing purposes), a limited and often self-signed > configuration again mostly for testing purposes, or have had to > rely on pure deployment of X.509 technology infrastructures. Some > extensive community practice has grown up in the academic > community, especially with regard to deployment at and between the > large-scale national laboratories and universities on an > international basis, and siloed implementations exist within > industry, as well as some federal non-laboratory organizations. It > is a goal of this work group to document current practice and to > extend the standards basis for development of AuthN technologies > within all of the above communities. Another significant output > will be recommendations for future work in this area, taking into > account all relevant technological development in this area. > Interoperability will also be an important factor, of course. > >> 3. Will the formation of the group foster (consensus–based) work that >> would not be done otherwise? > > Yes. Several conversations on related technologies have sprung up > naturally within segments of the affected communities, as described > above. The existence of an OGSA AuthN work group would allow > concentration and coordination of these conversations and > recommendations in a context that is explicitly connected to the > overall OGSA standards effort. > >> 4. Do the group’s activities overlap inappropriately with those of >> another OGF group or to a group active in another organization >> such as >> IETF or W3C? Has the relationship, if any, to the Open Grid Services >> Architecture (OGSA) been determined? > > There is no other effort exclusively devoted to this task within > OGSA. Polling of the membership of other groups active in the > authentication and authorization areas has resulted in strong > support for the idea of a specific OGSA effort. Groups that have > been polled include the following: > > CA-Ops: Within the current OGF structure, this group is defined as > an operations group responsible for Certificate Authority standards > and participation. It is the parent body (in a historical sense) > of the IGTF described below. > > International Grid Trust Federation (IGTF): an independent body > comprised of three regional policy management authorities (PMAs) > with membership consisting of grid certificate authority providers > and (in some cases) relying parties with an interest in the > operational policies and procedures of the CA providers. The > primary mechanism of operation of the IGTF is through the > development and common accreditation of CAs against specific, > detailed CP/CPS statements within the context of Authentication > Profiles (APs); APs exist for "classic PKI" deployments as well as > short-lived credential and experimental services. Within the > context of the IGTF PMA charters, interest has been growing in > improving the variety and accessibility of grid authentication > methods while retaining the ability to work with existing grid > deployments with high security. > > OGSA-AuthZ: This group is focused on authorization technologies. A > variety of useful documents has been successfully produced through > various incarnations of this group to date. Its membership is > supportive of a corresponding OGSA-AuthN effort. > > Shibboleth for Grids BoF: This BoF was held at GGF-18 and its > activities are documented at the URL http://grid.ncsa.uiuc.edu/ > events/ggf18-shib-bof/ for reference. Although focused primarily > on authorization, Shibboleth technologies are consumers of > authentication information and a great deal of activity is being > devoted to understanding the interaction between Shibboleth and the > needs of grids. The participants in the BoF mailing list are > strongly supportive of an OGSA-AuthN effort. > >> 5. Are there sufficient interest and expertise in the group’s topic, >> with at least several people willing to expend the effort that is >> likely >> to produce significant results over time? > > Yes. A significant short-term effort should be exerted to identify > authors of the proposed documents and a co-chair in the near future. > >> 6. Does a base of interested consumers (e.g., application developers, >> Grid system implementers, industry partners, end-users) appear to >> exist >> for the planned work? > > Yes. The BoF planned for the next OGF meeting should provide > opportunities for organization of work in this area. > >> 7. Does the OGF have a reasonable role to play in the >> determination of >> the technology? > > Yes, as described above. One specific output of the group that > would be made possible by the OGF will be production of an OGF > document with recommended standards for OGSA-AUthN. > > Respectfully submitted, > > Alan Sill > TIGRE Senior Scientist > High Performance Computing Center > TTU > > ==================================================================== > : Alan Sill, Texas Tech University Office: Admin 233, MS 4-1167 : > : e-mail: Alan.Sill(a)ttu.edu ph. 806-742-4350 fax 806-742-4358 : > ==================================================================== > Alan Sill TIGRE Senior Scientist High Performance Computing Center TTU ==================================================================== : Alan Sill, Texas Tech University Office: Admin 233, MS 4-1167 : : e-mail: Alan.Sill(a)ttu.edu ph. 806-742-4350 fax 806-742-4358 : ====================================================================

1 0

[ogsa-wg] Proposed agenda for Oct. 26th call
by Hiro Kishimoto 25 Oct '06

25 Oct '06

Hi all, The following is a proposed agenda for OGSA-WG telecon on Oct. 26th Thursday from 8:30am - 10:30am (CDT). Attention: Summer time ends Oct. 29. New time slot in next week and after. Mon: 5-7pm ET, 4-6pm CT, 2-4pm PT, 7-9am JST, 10pm-midnight UK Thu: 8-10am ET, 7-9am CT, 5-7am PT, 10pm-midnight JST, 1-3pm UK Dial-in numbers for Thursday: Free: +1-888-452-0308 Intl/Toll: +1-484-644-0505 PIN: 71815 See more information: - https://forge.gridforum.org/sf/go/wiki1477?nav=1 Screen share service will be provided. URL: http://ogsa.glance.net Session key: 1026 See more explanation: https://forge.gridforum.org/sf/go/wiki1584?nav=1 1) Early discussion (20 min) Note taker assignment Roll call Telecon minutes approval (Oct. 23) - https://forge.gridforum.org/sf/go/doc13966 Action Items status review (see the bottom of this email) Agenda bashing 2) Nov F2F update (Hiro) 3) OGSA-AuthN-WG charter discussion (Alan Sill, 60 min) Minutes from Oct. 5th call > * What is the best low hanging fruit to attack > - Authentication? > - Do we want to narrowly profile SAML for point > to point authorization? > -- Next step to be delegation > - What use cases should we consider? > - What other profiles for authentication should we look at? > -- SAML? > -- X509 Varient in which we conote identify > with regards to WS-Naming (EPI) > -- Federation of identity > --- There are people solving this problem > and we shouldn't re-invent > --- SAML > - What in the OGSA use case space. If you plan to federate > identity. > - If your site has user name password, how do you federate that > - One of the nice things about SAML is that you can have > assertions that consolodate authentication domains. > -- You may not have to have an X509 for that > username/password > - Equally important is authenticating the service to the user. > - Need Auth Working group. > - Shibolith > -- You still need a source of identity (X509, or something) > - Auth Schemes > -- X509 > -- Kerberos > -- Member Integrated Credential Service > --- AD, LDAP, etc. > - WS-Trust falls short of the mark > - Seems optimistic to say that Shibolith does Auth, but > it's being looked into seriously. > * BoF > - Need to start preparation for a BoF > - Alan Sill willing to take responsibility for pushing > the process for getting a charter ready > - AI-1005a: Alan Sill to have draft Charter ready before > next security telecon (Dave to help and only as stand > in for new area director). > - Do we need more covereage if we have an active authorization > and authentication working groups > -- No, we need more covereage > -- AI-1005b: People to send Dave Snelling more > information, ideas for more > security calls to complete coverage > - Two weeks from today is the next security call. Alan's charter draft: http://www.ggf.org/gf/group_info/charter.php?review&group=OGSA-AuthN-WG People to send Dave Snelling more information, ideas for more security calls to complete coverage 4) Wrap up (10 min) AOB <*NEXT CALL*> https://forge.gridforum.org/sf/go/wiki1477?nav=1 Oct. 30 (Mon): OGSA roadmap, DMTF work register, CIM profile introduction Nov. 2 (Thu): Information/data modeling, EMS Architecture scenarios Nov. 6 (Mon): EGA reference model, OGSA roadmap Nov. 9 & 10: F2F meeting in Tampa <*ACTION ITEMS*> https://forge.gridforum.org/sf/go/wiki1569 > From Oct. 23 call AI-1023a: Tom and Ellen will do a CIM Profile Introduction for Oct.30 (45-60 minutes session) AI-1023b: Tom and Ellen will start working on an introductory example for the F2F. - The exact topic is not decided. It may be good to make sure that it aligns with the XQuery examples that Michel is using. (Tom will contact Michel.) - Michel and Fred should be involved in this work. AI-1023c: Tom volunteered to review Hiro's HPC Cluster use case slides and make appropriate changes to indicate where the CIM Profile would fit in and how it would link into the Reference Model. AI-1023d: Paul will add more items to list on slide 6 of the HPC Cluster use case AI-1023e: Hiro will send out references to relevant OGF specs, e.g., BES and CDDLM AI-1023f: Paul will review relevant OGF specs and give feedback to Hiro for the next version of the use case slide deck. AI-1023g: Hiro will look at other parts of slide 5 and identify further possible refinements of this use case. > From Oct. 5 call. AI-1005b: People to send Dave Snelling more information, ideas for more security calls to complete coverage (Since this does not have any specific owners, it will be closed Oct. 26) > From Sept. 28 call. AI-0928a: Takuya will issue a final call on BSP-Core on the list. > From Sept. 21 call. AI-0921c: Dave S (as Standards VP) to talk to the next Security ADs (Blair Dillaway and David Groep) about the Security Area task list. > From Sept. 15 OGSA F2F AI-0915a: (A Savva, S McGough): Set up a telephone conference to collect workflow (BPEL) experience AI-0915d: Tom will post BP base faults issue to tracker AI-0915e: Hiro to talk with OGF Editor to start an errata process > From Aug. 17 call AI-0817a: Dave Berry and Jay Unger will approach groups (GIN, Globus, etc) that have implemented practical grids and start a discussion on how they handle data: - how data is treated as a resource that can be scheduled - how transfers are modeled - how files are advertised - how applications find files (query, by knowledge,?) (Due Oct. 9) > From Aug. 3 call AI-0803e: Jun will provide an example of the CDL mechanism and why using ID/IDREF is not a good idea. AI-0803f: Jun will update the CDL document to remove the Environment variables > From July 20 F2F - EGR-WG (Ravi) will contact Geoffrey Fox and invites him to contribute use cases. - Andreas to go through the minutes and formulate a reply mail to Geoffrey on each artifact covered in these minutes. Postponed: Until next EMS call (Nov. 2): AI-0914a (Andreas Savva): Integrate the simple Data scenario just presented into the scenarios document AI-0913a: Andreas to update function names of BES. AI-0913b: Andrew to write-up a couple of such JM functionalities (short paragraph for each, e.g. time constraint as JSDL extension.) AI-0913c: Andreas to add another scenario to use this “terminate” method of activity interface. AI-0913e: Andreas to separate un-deployment as a separate scenario. AI-0913f: Andreas to describe relation between ACS and CDDLM. AI-0913g: Donal to provide his proposal on "ActivityExecutionCandidate." AI-0831e: (A Savva) Talk to ACS working group for refining this scenario. AI-0831f: (A Savvva) Research RNS and probably update the EMS Arch Scenarios document ---- Hiro Kishimoto

1 0

Functional components doc
by David Chadwick 24 Oct '06

24 Oct '06

Dear WG I have uploaded a slightly revised version of the authz functional components document that reflects the agreements of our telecon on 16 Oct. I believe that this document is now complete, apart from minor editorial corrections, in which case we can make a start on specifying the three interfaces/protocols that result from this document. Our next telecon is on 8 Nov, so these protocols/interfaces will be the primary subject for discussion regards David

1 0

Draft charter for OGSA-AuthN WG
by Alan Sill 18 Oct '06

18 Oct '06

Discussion among participants and potential participants has indicated a desire to proceed directly to a launch of the OGSA-AuthN working group rather than proceed through a BOF. Most people who would participate or be affected have up to now been involved in related efforts and would be able to come up to speed fairly quickly in this effort. Here are the elements of a charter, or potential charter, for this group that I have identified: 1) Review existing security profiles resulting from previous efforts of the Security area and security design group from the OGSA-WG effort a) Compare them to existing technology and best practices in the community and check for consistency of coverage b) Document authentication profiles that may be missing or incomplete b) Review mature and maturing technologies likely to affect the above best practices for grid services 2) Provide an AuthN development roadmap to compare with the overall OGSA roadmap 3) Spawn any subgroups and/or suggest associated research groups that may be necessary for consistent development in this area. The charter can be developed from the above skeleton, and the basics agreed to before the first session at OGF-19 in North Carolina. It is explicitly a part of the charter for this group to work in a symmetrical manner with any OGSA-AuthZ work that may be needed for consistency in grid services. Comments welcome. Alan Alan Sill TIGRE Senior Scientist High Performance Computing Center TTU ==================================================================== : Alan Sill, Texas Tech University Office: Admin 233, MS 4-1167 : : e-mail: Alan.Sill(a)ttu.edu ph. 806-742-4350 fax 806-742-4358 : ====================================================================

2 2

[ogsa-wg] Proposed agenda for Oct. 19th call
by Hiro Kishimoto 18 Oct '06

18 Oct '06

Hi all, The following is a proposed agenda for OGSA-WG telecon on Oct. 19th Thursday from 8:30am - 10:30am (CDT). Dial-in numbers for Thursday: Free: +1-888-452-0308 Intl/Toll: +1-484-644-0505 PIN: 71815 See more information: - https://forge.gridforum.org/sf/go/wiki1477?nav=1 Screen share service will be provided. URL: http://ogsa.glance.net Session key: 1019 See more explanation: https://forge.gridforum.org/sf/go/wiki1584?nav=1 1) Early discussion (20 min) Note taker assignment Roll call Telecon minutes approval (Oct. 16) - https://forge.gridforum.org/sf/go/doc13952 Action Items status review (see the bottom of this email) Agenda bashing 2) Nov. F2F update (Hiro Kishimoto, 10 min) 3) OGSA AuthN WG BoF draft (Alan Sill, 30 min) > - Alan Sill willing to take responsibility for pushing the process > for getting a charter ready > - AI-1005a: Alan Sill to have draft Charter ready before next > security telecon (Dave to help and only as stand in for new area > director). > - Do we need more covereage if we have an active authorization and > authentication working groups > -- No, we need more covereage > -- AI-1005b: People to send Dave Snelling more information, ideas for > more security calls to complete coverage 4) Security Profile Update (Takuya Mori, 30 min) > AI-0928a: Takuya will issue a final call on BSP-Core on the list. > - Need to check status of WS-I documents > - Secure Channel Profile on next telecon 5) Information/data modeling (Ellen Stokes, 30 min) > - Discussion on if a requirements XML document could be constructed > with powerful comparative expressions and at same time avoids the > XPath expressions/joins on collecting input documents? Perhaps just > the relevant subset of a query in job. - Agreed to discuss more in > second hour on Next Call - Oct 19th 6) Wrap up AOB <*NEXT CALL*> https://forge.gridforum.org/sf/go/wiki1477?nav=1 Oct. 23 (Mon): EGA reference model, OGSA roadmap Oct. 26 (Thu): Information/data modeling, EMS scenarios Oct. 30 (Mon): DMTF work register Nov. 2 (Thu): Security Nov. 6 (Mon): EGA reference model, OGSA roadmap Nov. 9 (Thu): F2F prep <*ACTION ITEMS*> https://forge.gridforum.org/sf/go/wiki1569 > From Oct. 16 call. AI-1009d: Jem Will post tomorrow, comments received and will put into tracker. AI-1005a: Charter form created, ready for review. Hiro will send links to charters. Paper work for new working group needed - can use security design team folder in OGSA temporarily. Feedback: Use next OGF to start WG rather than form a BOF. Hiro will bring proposal to GFSG, since needs security Area Director approval & GFSG. > From Oct. 8 call. AI-1009a: Review slide 6 again and clarify what the problem is (Reference Model Design Team) AI-1009b: Review the Reference Model 'Manage Job' in more detail. Specifically look at it from the perspective of an enterprise application (e.g., a 3-tier app) (Reference Model Design Team) AI-1009c: Hiro to ask Jay to provide his comments for Slide 6 - Perspective of submitter vs platform provider and the hierarchical model connection AI-1009d: Jem will produce a topic discussion list for the converged glossary > From Oct. 5 call. AI-1005a: Alan Sill willing to take responsibility for pushing the process for getting a charter ready (by Oct. 19) AI-1005b: People to send Dave Snelling more information, ideas for more security calls to complete coverage (Since this does not have any specific owners, it will be closed Oct. 19) > From Sept. 28 call. AI-0928a: Takuya will issue a final call on BSP-Core on the list. > From Sept. 25 call. AI-0925c: Hiro to ask Alan Clark to ask EGA TC member who want to contribute to join the OGSA list and this convergence work. - Members may have changed but organizations have not AI-0925g: Tom will send a note to the list (to: Ellen S and Fred M) on why the current separation of service/info model may not be quite right. > From Sept. 15 OGSA F2F AI-0915a: (A Savva, S McGough): Set up a telephone conference to collect workflow (BPEL) experience AI-0915d: Tom will post BP base faults issue to tracker AI-0915e: Hiro to talk with OGF Editor to start an errata process > From Aug. 17 call AI-0817a: Dave Berry and Jay Unger will approach groups (GIN, Globus, etc) that have implemented practical grids and start a discussion on how they handle data: - how data is treated as a resource that can be scheduled - how transfers are modeled - how files are advertised - how applications find files (query, by knowledge,?) (Due Oct. 9) > From Aug. 3 call AI-0803e: Jun will provide an example of the CDL mechanism and why using ID/IDREF is not a good idea. AI-0803f: Jun will update the CDL document to remove the Environment variables > From July 20 F2F - EGR-WG (Ravi) will contact Geoffrey Fox and invites him to contribute use cases. - Andreas to go through the minutes and formulate a reply mail to Geoffrey on each artifact covered in these minutes. Postponed: Until next EMS call (Oct. 26): AI-0914a (Andreas Savva): Integrate the simple Data scenario just presented into the scenarios document AI-0913a: Andreas to update function names of BES. AI-0913b: Andrew to write-up a couple of such JM functionalities (short paragraph for each, e.g. time constraint as JSDL extension.) AI-0913c: Andreas to add another scenario to use this “terminate” method of activity interface. AI-0913e: Andreas to separate un-deployment as a separate scenario. AI-0913f: Andreas to describe relation between ACS and CDDLM. AI-0913g: Donal to provide his proposal on "ActivityExecutionCandidate." AI-0831e: (A Savva) Talk to ACS working group for refining this scenario. AI-0831f: (A Savvva) Research RNS and probably update the EMS Arch Scenarios document AI-0921c: Dave S (as Standards VP) to talk to the next Security AD (when one is selected) about the Security Area task list. ---- Hiro Kishimoto

1 0

conference starting
by David Chadwick 16 Oct '06

16 Oct '06

-- ***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security The Computing Laboratory, University of Kent, Canterbury, CT2 7NF Skype Name: davidwchadwick Tel: +44 1227 82 3221 Fax +44 1227 762 811 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick(a)kent.ac.uk Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html Research Web site: http://sec.cs.kent.ac.uk Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5 *****************************************************************

1 0

Next Telecon
by David Chadwick 16 Oct '06

16 Oct '06

Dear All the next teleconference is scheduled for TODAY Monday 16 October at the following times 7:00 US West Coast 10:00 US East Coast 15:00 UK 16:00 Europe 23:00 Japan I have put the following updated documents on the OGSA-Authz web site for the meeting: i) CVS requirements ii)Authz functional components You can find them here https://forge.gridforum.org/sf/go/projects.ogsa-authz/docman.root.authz_ser… Frank S circulated a set of numbers to be used in his last email message of 13 Sept. They are > Skype number is <skype:+99008275780044> > > > > If you want to use a regular phone in the US, call *#1-712-432-4000 with > > Conference Room Number: *5780044* It seems they have the following alternative "local" regular phone call-in numbers available for some European countries: Austria 0820 400 01562 Belgium 0703 59 984 France 0826 100 266 Germany 01805 00 7620 UK 0870 119 2350 I suggest the following provisional agenda 1. Discussion of updated CVS Requirements document (to be circulated soon) 2. Discussion of revised Authorisation Functional components doc (to be circulated soon) 3. Update on suggested changes to VOMS attribute profile 4. Update on documentation of GT4 interfaces 4. Any other topics? Once we can get reasonable agreements on 1 and 2 above, I would then like to move onto discussing protocols between the various authorisation components. But I suggest that this will be at the next telecon after this one. If you have any comments on the above prior to the telecom, please circulate the list regards David -- ***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security The Computing Laboratory, University of Kent, Canterbury, CT2 7NF Skype Name: davidwchadwick Tel: +44 1227 82 3221 Fax +44 1227 762 811 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick(a)kent.ac.uk Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html Research Web site: http://sec.cs.kent.ac.uk Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5 *****************************************************************

1 0