Frank Siebenlist wrote:
Blair Dillaway wrote:
I think we've all been disappointed by the level of participation in the AuthZ area. We really should consider whether continued work on the currently chartered documents is justified and what actions might lead to renewed interest.
I've been concerned about this for a while now and have spoken with some with other security professionals about this work. The general response was apathetic. Major comments were along the lines of: - Isn't the work already being done in OASIS on WS-Trust, XACML, etc. adequate - Standards in this area aren't a priority since most customers don't care about pluggability for these types of components. I have found it difficult to present a compelling counter to such arguments.
Excellent points.
If the security area director cannot find any relevant interest within the grid community for the authz work after such thorough review, we should definitely pull the plug.
A 'thorough review' isn't how I'd characterize this. My comments were based on conversations with several professionals who work on related security products but are not active in the OGF. Their views represent important data points, though may not be universal. I encourage all interested parties to share their views on this. Thanks, Blair Dillaway