Hi Alan,

thanks for your comprehensive minutes. There is just one clarification I would like to make, as below.

Alan Sill wrote:
> David C. pointed out that this discussion, while true, is at a different level than the current activities of the OGSA-AuthZ group, which focuses on protocols for transmission of authorization-related information, rather than particular specific schema or attributes. (This was an important principle in getting AuthZ activities going forward in a useful way toward standardization of the _syntax_ of attributes.) He held out the example of LDAP, which went through a similar evolution.

Actually I thought I said that the LDAP/X.500 community tried to get international agreement on standard attributes (syntax and semantics), but in the end it failed for all but a small subset of attributes (such as telephone number), as most organisations either defined their own attributes entirely, or used the syntax of existing attribute definitions but bent the semantics to fit those of their own organisation. Thus the ability to standardise all attributes and transfer a complete set of user attributes between systems in a meaningful way never materialised (ignoring the privacy issues).

My gut feeling is that the same thing will happen for authorisation attributes. The granularity and semantics of attributes used in one organisation will be too finely grained for transfer between organisations, and so systems will implement either attribute mappings at gateways or reissuing of new attributes in each VO that you participate in.

regards

David

*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5
*****************************************************************