This is something that we at NeSC (and I know many others) are interested in. My own personal perspective on the OGF AuthN and AuthZ work is that it is something everyone recognises as important, but that the detailed specification of the standards is not something many can/are able to usefully contribute to. (I think this is similar across many of the OGF standards areas). Case in point on the recent thread between David and Tom on how to use SAML AuthZ statements vs XACML contexts etc. How many folk in OGF-land are able to decide on the advantages/disadvantages of these things?

We at NeSC are predominantly technology end users supporting a wide variety of e-Research projects. We have applied the implementations of the authN/authZ specs, e.g. the SAML AuthZ API, and identified their limitations etc, but it is only when these things have been implemented by the likes of the Globus and PERMIS teams for example, that we can really play an effective role. I think that this resonates across all of OGF activities be it DAIS specs for building data Grids, JSDL/BES specs for compute Grids etc.

I am not sure how mature the Shibboleth/authZ has to be in order to be explored within OGF. I definitely think that workshops/OGF meetings showing how folk have built VOs/Campus Grids etc using the likes of Shibboleth, VOMS and other AAs, with authZ technologies such as PERMIS are needed/essential, i.e. I think the authN/authZ work should be as much about sharing expertise in how best to build secure Grids/VOs as it is on pursuing standards.

Cheers,
Rich

-----Original Message-----
From: ogsa-wg-bounces@ogf.org [mailto:ogsa-wg-bounces@ogf.org] On Behalf Of Blair Dillaway
Sent: 26 June 2007 01:10
To: David Chadwick
Cc: OGSA Authentication WG BoF; OGSA AUTHZ WG; OGSA-WG
Subject: Re: [ogsa-wg] [ogsa-authn-bof] Notes from Joint OGSA WG AuthN/AuthZ call

I don't remember any serious discussion of chartering work in this area, either within the AuthZ WG or elsewhere. So I can only surmise people haven't felt this area is adequately mature. The sessions Von hosted on Grid-Shib technology at OGF's last year certainly indicated a diverse set of approaches were being explored.

Did you and Von discuss this in drafting the current charter? Do you believe things have evolved to the point where we could build critical mass around work in this area? (Of course, I'd love to hear from anyone who thinks the OGF should be doing work in this area.)

Regards,
Blair

David Chadwick wrote:
Hi Blair
Interestingly there is one aspect of authz that has a significant amount of user interest and that is merging attributes from Shibboleth and Grids to be used together for authz decision making. But this is currently not within the scope of the OGF OGSA Authz group's work plan.
So what does this indicate?
regards
David
*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5
*****************************************************************
-- ogsa-wg mailing list ogsa-wg@ogf.org http://www.ogf.org/mailman/listinfo/ogsa-wg