On Jun 21, 2007, at 1:40 PM, Blair Dillaway wrote:
Excellent notes Alan.
On Jun 21, 2007, at 11:21 AM, David Chadwick wrote:
this is a very good set of minutes
Thanks. It was a broad-ranging discussion so credit goes to Andrew, David, Frank, Mark, Stephen and Hiro for pulling it together and contributing to it.
The question to ask here is whether grids should move toward relying on web services as the basis for interoperability? There is certainly a strong push in this direction, which I support. Web services are based on the use of SOAP messaging. WS-Security's official name is "Web Services Security: SOAP Message Security". Hence, the focus on SOAP messaging. If one wishes to use other protocols, such as RPC, there are other security standards which are appropriate.
I understand and agree completely, and my own grid effort (TIGRE) is based on web services-based implementations of grid services only. I simply point out that it is technically possible to take the same WSDL and XML and (in some cases automatically) generate code that can implement the same grid services through other mechanisms. Stating the standards basis for security more generally than SOAP might allow other implementations of grid services that do not rely on SOAP messaging but are otherwise perfectly usable by a given community, that's all. I admit that there is not at present a large community clamoring for such a generalization, although it is technically achievable. I also completely agree on the push to web services for grid service delivery. There are plenty of technical issues to settle even within the scope of current implementations.
While there are certainly interesting AuthN topics to discuss which go beyond the identified 'express' work, I am very concerned about having two AuthN groups working in parallel. It has been difficult to achieve critical mass on OGF security standards work and I fear we'll end up with inadequate engagement on both efforts. I suggest we look seriously at combining these efforts. Is there a scope/sequencing of work which makes sense where the 'express' profiles are the first set of deliverables for a more broadly chartered group? I don't personally care if such a group is officially part of OGSA or the Security area.
I raised this issue at OGF20, but haven't heard from anyone regarding their opinion on having one versus two efforts.
The efforts are already essentially combined. We pulled back on pushing the OGSA-AuthN work forward in order to be able to complete work on the current document series. My sense is that this work is now reaching a mature state and that the charter work can go forward on defining the AuthN body of work. The HPC-profile work done and now going on can be regarded as the first set of output from this combined effort.
Re. AuthZ, my suggestion (as a member and not a leader of that group) would be to button up the current set of documents as mentioned, which essentially summarize the current situation for posterity and point to the other OASIS, XACML and WS-Trust work, put out that set of documents (which have been circulated and lack only formalized status for reference by the community), and ask David to look at the express profile work as we asked in the meeting. There is important AuthZ work to do in the future, but it is not clear to me that this needs more of an OGSA basis than the work above, and my preference would be to go on to the OGSA work for standards as to what needs to go out over the wire to support AuthN. Much of the remaining work on AuthZ can be handled by the individual AuthZ communities.
Alan
Alan Sill, Ph.D
TIGRE Senior Scientist, High Performance Computing Center
Adjunct Professor of Physics TTU
====================================================================
: Alan Sill, Texas Tech University  Office: Admin 233, MS 4-1167 :
: e-mail: Alan.Sill@ttu.edu  ph. 806-742-4350  fax 806-742-4358 :
====================================================================