Blair Dillaway wrote:
...
On a separate thread, David Chadwick wrote:
Concerning the Autthz agenda item, there is no progress to report since oGF20. One thing we might like to consider is how do we engage the community more in contributing to this work, or do we just throw in our hats and say that no-one is really interested in pushing the authz work forward anymore and Alan wrote: For requirements gathering, David put up a wiki but got very few submissions. Stephen points out that people see a need for security but do not see the relevance of the work done here, and socialization of the work being done here is not sufficiently seen as connected to real-world needs.
I think we've all been disappointed by the level of participation in the AuthZ area. We really should consider whether continued work on the currently chartered documents is justified and what actions might lead to renewed interest.
I've been concerned about this for a while now and have spoken with some with other security professionals about this work. The general response was apathetic. Major comments were along the lines of: - Isn't the work already being done in OASIS on WS-Trust, XACML, etc. adequate - Standards in this area aren't a priority since most customers don't care about pluggability for these types of components. I have found it difficult to present a compelling counter to such arguments.
Excellent points. If the security area director cannot find any relevant interest within the grid community for the authz work after such thorough review, we should definitely pull the plug. Regards, Frank. -- Frank Siebenlist franks@mcs.anl.gov The Globus Alliance - Argonne National Laboratory