We are also implementing tools that allow one to scope the federation metadata (amongst other things) to define who one trusts and with what security attributes etc. The first of these tools is now done and being tested with various collaborators. The tools will ultimately be integrated into the OMII software stack.

If people want to see this, I am around at OGF22 and happy to run a demo or two - this in addition to the other demos we have planned showing how we are using the various implementations of the recent authZ specs.

Cheers,
R.

-----Original Message-----
From: ogsa-authz-wg-bounces@ogf.org [mailto:ogsa-authz-wg-bounces@ogf.org] On Behalf Of David Chadwick
Sent: 15 February 2008 17:24
To: Krzysztof Benedyczak
Cc: ogsa-authz-wg@ogf.org
Subject: Re: [OGSA-AUTHZ] VO SAML Attribute Profile

Of course ultimately this is not scalable nor manageable. I believe Internet2 are working on a distributed metadata model where everyone can assert their own metadata, self sign it, and manage it. Recipients then will need to configure their own trust rules for who they trust to assert what (which is what PERMIS does today :-)

regards

David

Krzysztof Benedyczak wrote:
> Chad La Joie wrote:
>> Metadata is not currently self-asserted. So it's not the IdP that defines its metadata. It's the federation that is ultimately responsible for it. So, you have a third-party there vouching that the scope is appropriate for the IdP. So, if you trust that third-party you're good.
>
> OK, now everything is clear.
>
> Thanks for the explanations!
>
> Best regards
> Krzysztof
>
> --
>   ogsa-authz-wg mailing list
>   ogsa-authz-wg@ogf.org
>   http://www.ogf.org/mailman/listinfo/ogsa-authz-wg

--
*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5
*****************************************************************
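The point Chad La Joie makes above (the federation, not the IdP, vouches for which scope an IdP may assert, so a relying party that trusts the federation can check asserted values against that metadata) can be shown as a small relying-party check. The following is an added example written for this page, not code from the thread, OMII, PERMIS or Shibboleth. It assumes the Shibboleth `shibmd:Scope` metadata extension (namespace `urn:mace:shibboleth:metadata:1.0`, with its optional `regexp` attribute), scoped attribute values of the `user@scope` form, and that the federation's signature over the metadata aggregate has already been verified by other code before this check runs; the metadata document is constructed for the example.

```python
"""
Added example: validate the scope of a scoped SAML attribute value against
the shibmd:Scope elements published for the issuing IdP in the federation
metadata.  Assumes the metadata has already been signature-checked against
the federation key (that step is not shown here).
"""
import re
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "shibmd": "urn:mace:shibboleth:metadata:1.0",
}

# Constructed sample aggregate: two IdPs, the second using a regexp scope.
FEDERATION_METADATA = """<?xml version="1.0"?>
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" Name="example-federation">
  <md:EntityDescriptor entityID="https://idp.example.edu/idp/shibboleth">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:Extensions>
        <shibmd:Scope regexp="false">example.edu</shibmd:Scope>
      </md:Extensions>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp.example.org/idp/shibboleth">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:Extensions>
        <shibmd:Scope regexp="true">^.+\\.example\\.org$</shibmd:Scope>
      </md:Extensions>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""


def load_scopes(metadata_xml):
    """Map entityID -> list of (scope, is_regexp) declared for each IdP."""
    root = ET.fromstring(metadata_xml)
    scopes = {}
    for ed in root.iter("{%s}EntityDescriptor" % NS["md"]):
        declared = []
        for idp in ed.findall("md:IDPSSODescriptor", NS):
            for sc in idp.findall("md:Extensions/shibmd:Scope", NS):
                is_regexp = sc.get("regexp", "false").lower() == "true"
                declared.append(((sc.text or "").strip(), is_regexp))
        scopes[ed.get("entityID")] = declared
    return scopes


def scope_permitted(scopes, entity_id, scope):
    """True only if the federation metadata lets entity_id assert `scope`.

    An IdP with no metadata entry, or no Scope element, is permitted nothing.
    Literal scopes are compared case-insensitively (they are DNS-style names);
    regexp scopes are matched as the metadata author wrote them.
    """
    for declared, is_regexp in scopes.get(entity_id, []):
        if is_regexp:
            if re.match(declared, scope):
                return True
        elif declared.lower() == scope.lower():
            return True
    return False


def value_permitted(scopes, entity_id, value):
    """Check a scoped value such as 'alice@example.edu' issued by entity_id.

    Anything that is not exactly user@scope is rejected, so a value with an
    extra '@' cannot smuggle a different scope past the check.
    """
    parts = value.split("@")
    if len(parts) != 2 or not parts[0] or not parts[1]:
        return False
    return scope_permitted(scopes, entity_id, parts[1])


if __name__ == "__main__":
    table = load_scopes(FEDERATION_METADATA)
    edu = "https://idp.example.edu/idp/shibboleth"
    org = "https://idp.example.org/idp/shibboleth"
    for issuer, value in [(edu, "alice@example.edu"), (edu, "alice@example.org"),
                          (org, "bob@cs.example.org"), (org, "bob@example.org")]:
        print(issuer, value, "->", "accept" if value_permitted(table, issuer, value) else "reject")
```

The decision rests entirely on who signed the metadata: if the federation's signature was never checked, the scope table is as self-asserted as the attribute value itself, which is the trust question David Chadwick raises for the distributed model.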