Dear colleagues, Apologies if you are getting these messages more than once due to cross-posting. Once the OGSA-AuthN work group is set up, it will have its own mailing list to which you will be able to subscribe if it is of interest, so that symptom will disappear soon. As a reminder, here are the answers that were presented to the OGSA- WG in response to the standard "seven questions" asked as part of the process of setting up a new group. Comments with respect to the authentication direction to be pursued by this group are welcome and recruited. Anything specific to the Birds-of-a-Feather session we are organizing on this topic for OGF-19 in North Carolina at the end of January is also welcome; we hope this will be a productive work group and BoF session. Alan Begin forwarded message:
From: Alan Sill <Alan.Sill@ttu.edu> Date: October 26, 2006 9:24:27 AM CDT To: Hiro Kishimoto <hiro.kishimoto@jp.fujitsu.com> Cc: Alan Sill <Alan.Sill@ttu.edu>, ogsa-wg WG <ogsa-wg@ggf.org>, David Groep <davidg@nikhef.nl>, Blair Dillaway <blaird@microsoft.com> Subject: OGSA-AuthN-WG charter effort: the Seven Questions
On Oct 23, 2006, at 9:29 PM, Hiro Kishimoto wrote:
The Seven Questions
1. Is the scope of the proposed group sufficiently focused?
The scope of the proposed group is strictly limited to authentication technologies for use within grid services architectures. As such, I believe it is sufficiently focused, although the relation to corresponding activities in authorization and in the activities of other work groups is important and clear.
2. Are the topics that the group plans to address clear and relevant for the Grid research, development, industrial, implementation, and/or application user community?
Authentication is a key security step in any chain of grid services usage. Up to now, most grid applications have either used no security (for testing purposes), a limited and often self-signed configuration again mostly for testing purposes, or have had to rely on pure deployment of X.509 technology infrastructures. Some extensive community practice has grown up in the academic community, especially with regard to deployment at and between the large-scale national laboratories and universities on an international basis, and siloed implementations exist within industry, as well as some federal non-laboratory organizations. It is a goal of this work group to document current practice and to extend the standards basis for development of AuthN technologies within all of the above communities. Another significant output will be recommendations for future work in this area, taking into account all relevant technological development in this area. Interoperability will also be an important factor, of course.
3. Will the formation of the group foster (consensus–based) work that would not be done otherwise?
Yes. Several conversations on related technologies have sprung up naturally within segments of the affected communities, as described above. The existence of an OGSA AuthN work group would allow concentration and coordination of these conversations and recommendations in a context that is explicitly connected to the overall OGSA standards effort.
4. Do the group’s activities overlap inappropriately with those of another OGF group or to a group active in another organization such as IETF or W3C? Has the relationship, if any, to the Open Grid Services Architecture (OGSA) been determined?
There is no other effort exclusively devoted to this task within OGSA. Polling of the membership of other groups active in the authentication and authorization areas has resulted in strong support for the idea of a specific OGSA effort. Groups that have been polled include the following:
CA-Ops: Within the current OGF structure, this group is defined as an operations group responsible for Certificate Authority standards and participation. It is the parent body (in a historical sense) of the IGTF described below.
International Grid Trust Federation (IGTF): an independent body comprised of three regional policy management authorities (PMAs) with membership consisting of grid certificate authority providers and (in some cases) relying parties with an interest in the operational policies and procedures of the CA providers. The primary mechanism of operation of the IGTF is through the development and common accreditation of CAs against specific, detailed CP/CPS statements within the context of Authentication Profiles (APs); APs exist for "classic PKI" deployments as well as short-lived credential and experimental services. Within the context of the IGTF PMA charters, interest has been growing in improving the variety and accessibility of grid authentication methods while retaining the ability to work with existing grid deployments with high security.
OGSA-AuthZ: This group is focused on authorization technologies. A variety of useful documents has been successfully produced through various incarnations of this group to date. Its membership is supportive of a corresponding OGSA-AuthN effort.
Shibboleth for Grids BoF: This BoF was held at GGF-18 and its activities are documented at the URL http://grid.ncsa.uiuc.edu/ events/ggf18-shib-bof/ for reference. Although focused primarily on authorization, Shibboleth technologies are consumers of authentication information and a great deal of activity is being devoted to understanding the interaction between Shibboleth and the needs of grids. The participants in the BoF mailing list are strongly supportive of an OGSA-AuthN effort.
5. Are there sufficient interest and expertise in the group’s topic, with at least several people willing to expend the effort that is likely to produce significant results over time?
Yes. A significant short-term effort should be exerted to identify authors of the proposed documents and a co-chair in the near future.
6. Does a base of interested consumers (e.g., application developers, Grid system implementers, industry partners, end-users) appear to exist for the planned work?
Yes. The BoF planned for the next OGF meeting should provide opportunities for organization of work in this area.
7. Does the OGF have a reasonable role to play in the determination of the technology?
Yes, as described above. One specific output of the group that would be made possible by the OGF will be production of an OGF document with recommended standards for OGSA-AUthN.
Respectfully submitted,
Alan Sill, Ph.D TIGRE Senior Scientist, High Performance Computing Center Adjunct Professor of Physics TTU ==================================================================== : Alan Sill, Texas Tech University Office: Admin 233, MS 4-1167 : : e-mail: Alan.Sill@ttu.edu ph. 806-742-4350 fax 806-742-4358 : ====================================================================