GGF 16 Notes: Feb 13, 2006 (draft)
David - please send your slides to the list.
All - send comments or corrections to notes by Feb 24th, 2006.

Note taker: Von Welch

David Chadwick reminded participants of GGF IP policy and circulated sign-up sheet.

Agenda:
1. Charter bashing
2. Document progress
3. Credential validation service
4. Discussion of issues

Document progress:

Attributes used in OGSI Authorization is GFD 59

Use of SAML for OGSI Authorization is in Final Editor Review
https://forge.gridforum.org/tracker/index.php?aid=1612

OGSI Authorization Requirements
https://forge.gridforum.org/tracker/index.php?aid=1613

VOMS Attribute documents
Just sent

Charter progress:

David reviewed charter that he had previously sent to email list.
http://www-unix.gridforum.org/mail_archive/ogsa-authz/2006/01/msg00015.html

David pointed out the first point of the new charter is to identify the requirements and we are looking for representatives from key Grid projects.

Limitations of current SAML protocol:
* OSG/Privilege - found they needed obligation
* Sinnot/NESC - found they needed fine-grained authorization for large databases.

Olle mentioned the possible need for definition namespaces and namespaces for VOMS attributes.

Yuri: We are attempting to connect our AAA authorization system to GT authorization framework. Different model from PEP/PDP. Can't see how GT authorization framework matches conceptual PDP/PEP model. Want GT authorization developers to write document explaining their model.

Yuri: Another issue - attribute management. Some attributes need context.

David C.: That is in current SAML document, it's called environment.

Yuri: Is different. Context of request is different than environment.

David C.: Two points to consider for charter:
* Implementors document how their implementations fit model. Can't make this a requirement since we can't force implementors to write, but should have as desired outcome.
* Context vs environment.

Credential Validation Service:

See David's slides. Key point was "authentic" vs "valid" credentials.

Nate Klingenstein (I2): Forwarding attributes to home organization vs Liberty Alliance account linking.

Meeting adjourned.