Dear authz members please find attached an updated version of the charter for ratification at the next GGF meeting. If you have any comments on this charter please raise them on the list or at the next meeting in Tokyo, where I hope to get it ratified. Finally, can I ask for volunteers to start work on the authorisation scenarios and use cases document. There must be many of you on the list who already have great experience of implementing or integrating authorisation mechanisms into your grid applications and know the scenarios that you are working with, and the authorisation features that you require. So it should not be difficult for you to write these down on one or two sides of A4. I am happy to act as editor and to coordinate your input into the GGF output document. I look forward to seeing you in Tokyo regards David -- ***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security The Computing Laboratory, University of Kent, Canterbury, CT2 7NF Tel: +44 1227 82 3221 Fax +44 1227 762 811 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@kent.ac.uk Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html Research Web site: http://sec.cs.kent.ac.uk Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5 *****************************************************************
David, One comment, regarding the following, is that this would also include an update to OGSA from OGSI. • A specification of Version 2 of the authorisation decision protocol between the PDP and the PEP. The returned result is an authorisation decision. Von On Apr 19, 2006, at 5:38 AM, David Chadwick wrote:
Dear authz members
please find attached an updated version of the charter for ratification at the next GGF meeting.
If you have any comments on this charter please raise them on the list or at the next meeting in Tokyo, where I hope to get it ratified.
Finally, can I ask for volunteers to start work on the authorisation scenarios and use cases document. There must be many of you on the list who already have great experience of implementing or integrating authorisation mechanisms into your grid applications and know the scenarios that you are working with, and the authorisation features that you require. So it should not be difficult for you to write these down on one or two sides of A4. I am happy to act as editor and to coordinate your input into the GGF output document.
I look forward to seeing you in Tokyo
regards
David
--
***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security The Computing Laboratory, University of Kent, Canterbury, CT2 7NF Tel: +44 1227 82 3221 Fax +44 1227 762 811 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@kent.ac.uk Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html Research Web site: http://sec.cs.kent.ac.uk Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5
*****************************************************************
<OGSA_AuthZ-2-3_Charter.rtf>
David, I've reviewed the proposed charter and have a few concerns: (1) the definition of what are considered in-scope authorization components seems imprecise (2) the proposed two-phased approach, with an interim charter revision, is in conflict with other statements in the charter (3) an authorization architecture is presumed by the charter while calling out an architectural specification as a deliverable Let me try to briefly describe what concerns me in each area. (1) The charter states the purpose is to define specifications needed to support interoperability and pluggability of authorization components. That is a reasonable objective, but the discussion that follows seems to go beyond what would traditionally be considered authorization. It seems to indicate that authentication (CVS credential validation and trust assessment), SAML authentication token profiles; attribute schema communication, and some types of security protocols are all in-scope. Its unclear to me if some aspects of identity management systems and security policy management/provisioning systems are also intended to be in-scope. I suggest including a brief background section, which identifies the major functional components needed in a complete Grid security solution: identity management; policy management; secure communications; authentication; authorization; audit (aka accounting);.... I hope we could clearly indicate which of those functional components are in-scope and which aren't. (2) The charter states the initial deliverables of the group will include a scenarios and requirements document along with a revised charter based upon that work. That seems like a prudent approach to ensuring the usefullness of standards ultimately developed by the group. But, I can't reconcile that statement with the earlier statement "an early deliverable of the group will be an enhanced specification for the PEP-PDP interactions....". This, and the lengthy list of tentative documents, leaves me uncertain if the OGSA-Authz charter is intended to be very broadly scoped, allowing a number of different specifications to be developed, or to charter work on individual specifications. If it's the former, I suggest re-writing the charter to focus more on defining the overall scope and addressing how the individual specfication activities will be managed. The list of 'tentative documents' doesn't really belong in such a charter. If it's the latter, perhaps this should be separated into two more focused charters for the 'initial' and 'early' deliverables identified in the current document. (3) It is stated "the group will also provide an architecture document..." and later that one of the 'tentative documents' is a 'high level authorization architecture'. I believe this is an important document for focusing and relating the other specifications mentioned in the charter. But, is this a chartered activity, or is it dependent on the revised charter? Its also stated the initial scenario and requirements work should drive this document. At the same time, the charter clearly presumes an authorization architecture for the various documents discussed. For example, the PEP, PDP, and CVS separation. Some exisitng systems conform to this architecture, others don't. The charter should clearly state if the activities are constrained by this architecture or if alternative architectures are in-scope. I also suggest the 'desired' document "Implementers of the Authz infrastructures and the protocols specified by this group should specify how their implementations map into the concepts documented in the architecture document..." should be a requirement. Without this, it can be very difficult to understand how individual specifications relate and are expected to interface. ------ On a related issue, could you clarify if the recent draft specification submitted for comment (XACML profile and WS-TRUST/SAML profile) are being proposed as deliverables under the OGSA-Authz WG or some other WG? Regards, Blair Dillaway
-----Original Message----- From: owner-ogsa-authz@ggf.org [mailto:owner-ogsa-authz@ggf.org] On Behalf Of David Chadwick Sent: Wednesday, April 19, 2006 3:39 AM To: ogsa Authz Subject: [OGSA-AUTHZ] Revised Charter
Dear authz members
please find attached an updated version of the charter for ratification at the next GGF meeting.
If you have any comments on this charter please raise them on the list or at the next meeting in Tokyo, where I hope to get it ratified.
Finally, can I ask for volunteers to start work on the authorisation scenarios and use cases document. There must be many of you on the list who already have great experience of implementing or integrating authorisation mechanisms into your grid applications and know the scenarios that you are working with, and the authorisation features that you require. So it should not be difficult for you to write these down on one or two sides of A4. I am happy to act as editor and to coordinate your input into the GGF output document.
I look forward to seeing you in Tokyo
regards
David
--
***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security The Computing Laboratory, University of Kent, Canterbury, CT2 7NF Tel: +44 1227 82 3221 Fax +44 1227 762 811 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@kent.ac.uk Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html Research Web site: http://sec.cs.kent.ac.uk Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5
*****************************************************************
Hi Blair You are right that the charter is somewhat schizophrenic. I was aware of this when I was updating the previous charter. This is due to two competing (though I hope not necessarily conflicting) requirements. Firstly there is an urgent need to update the existing OGSA-Authz profile due to a number of well documented deficiencies that early practitioners soon discovered. This update is being driven by a number of current security related research projects that have deadlines and deliverables. In order to avoid them implementing home made proprietary solutions, a standard profile in a relatively short time scale is required. This accounts for the section of the charter dealing with PEP-PDP type interactions. Secondly there is the requirement to bring many more grid users on board and to discover what their pressing and wider authorisation requirements are. This accounts for the section of the charter devoted to requirements capture and charter revision. The reason that I dont believe that the two are conflicting, is that the concept of a PEP and a PDP are already well established (for more than 10 years) and unlikely to be disbanded in the short or medium term. Thus a PEP-PDP profile is unlikely to be thrown out of the revised charter. What I believe will happen (and this is a personal opinion now) is that the additional components such as STSs, PIPs, PAPs etc that are now mentioned in the literature will become widely accepted in due course and a single model for them all will become as widely accepted as the PEP-PDP model. I have made a start on this using the term credential validation service to unify the PIP and the STS-V, although I have no strong views about its title (you can call it a PIP or an STS-V if you want), it is the functionality that is important to the profile. Blair Dillaway wrote:
David,
I've reviewed the proposed charter and have a few concerns: (1) the definition of what are considered in-scope authorization components seems imprecise
This is correct, intentionally so, and it will remain so until the revised charter is drawn up with more user involvement (2) the proposed two-phased approach, with an interim
charter revision, is in conflict with other statements in the charter
Agreed, this is due to the schizophrenia mentioned above. I dont know how to resolve this one in the short term, but if you do then I would welcome your input.
(3) an authorization architecture is presumed by the charter while calling out an architectural specification as a deliverable
A limited architecture is presumed now, comprising a PEP, PDP and call it a CVS for now, and this will be expanded as we get more input from others.
Let me try to briefly describe what concerns me in each area.
(1) The charter states the purpose is to define specifications needed to support interoperability and pluggability of authorization components. That is a reasonable objective,
thankyou. We should keep this as uppermost in mind as the driving principle. but the discussion that
follows seems to go beyond what would traditionally be considered authorization. It seems to indicate that authentication (CVS credential validation and trust assessment), SAML authentication token profiles; attribute schema communication, and some types of security protocols are all in-scope. Its unclear to me if some aspects of identity management systems and security policy management/provisioning systems are also intended to be in-scope. I suggest including a brief background section, which identifies the major functional components needed in a complete Grid security solution: identity management; policy management; secure communications; authentication; authorization; audit (aka accounting);.... I hope we could clearly indicate which of those functional components are in-scope and which aren't.
This is what I intended to happen. We do need a clear agreement on what is in scope and what isnt, and the revised charter should have a firm statement on this. In the current charter I put ideas which have been mentioned by various people into the pot so that they could be discussed more openly.
(2) The charter states the initial deliverables of the group will include a scenarios and requirements document along with a revised charter based upon that work. That seems like a prudent approach to ensuring the usefullness of standards ultimately developed by the group. But, I can't reconcile that statement with the earlier statement "an early deliverable of the group will be an enhanced specification for the PEP-PDP interactions....".
Agreed, this is due to the schizophrenia mentioned above.
This, and the lengthy list of tentative documents, leaves me uncertain if the OGSA-Authz charter is intended to be very broadly scoped, allowing a number of different specifications to be developed, or to charter work on individual specifications. If it's the former, I suggest re-writing the charter to focus more on defining the overall scope and addressing how the individual specfication activities will be managed. The list of 'tentative documents' doesn't really belong in such a charter. If it's the latter, perhaps this should be separated into two more focused charters for the 'initial' and 'early' deliverables identified in the current document.
This is something that the group as a whole should decide. Personnally I dont see a conflict in aiming for the former, whilst leaving a tentative best guess list of what the eventual specifications might contain. You could regard the list as a provisional shopping list for a recipe that hasnt been fully specified yet, but we have a general idea of the common ingredients.
(3) It is stated "the group will also provide an architecture document..." and later that one of the 'tentative documents' is a 'high level authorization architecture'. I believe this is an important document for focusing and relating the other specifications mentioned in the charter. But, is this a chartered activity, or is it dependent on the revised charter?
I hope it will be both ie. agreed to in the current charter and carried over into the revised one.
Its also stated the initial scenario and requirements work should drive this document. At the same time, the charter clearly presumes an authorization architecture for the various documents discussed. For example, the PEP, PDP, and CVS separation. Some exisitng systems conform to this architecture, others don't. The charter should clearly state if the activities are constrained by this architecture or if alternative architectures are in-scope.
Personnally I would not want the architecture to be constrained at this point in time. There has been too little discussion yet to agree upon any final architecture.
I also suggest the 'desired' document "Implementers of the Authz infrastructures and the protocols specified by this group should specify how their implementations map into the concepts documented in the architecture document..." should be a requirement. Without this, it can be very difficult to understand how individual specifications relate and are expected to interface.
I happy to upgrade this to a requirement, but the reason it is desired, is that the group cannot mandate that any particular authorisation infratructure provider writes such a document. And it would be difficult for others to write it for them. So this is why it is desirable.
------
On a related issue, could you clarify if the recent draft specification submitted for comment (XACML profile and WS-TRUST/SAML profile) are being proposed as deliverables under the OGSA-Authz WG or some other WG?
Under the OGSA-Authz WG regards David
Regards, Blair Dillaway
-----Original Message----- From: owner-ogsa-authz@ggf.org [mailto:owner-ogsa-authz@ggf.org] On Behalf Of David Chadwick Sent: Wednesday, April 19, 2006 3:39 AM To: ogsa Authz Subject: [OGSA-AUTHZ] Revised Charter
Dear authz members
please find attached an updated version of the charter for ratification at the next GGF meeting.
If you have any comments on this charter please raise them on the list or at the next meeting in Tokyo, where I hope to get it ratified.
Finally, can I ask for volunteers to start work on the authorisation scenarios and use cases document. There must be many of you on the list who already have great experience of implementing or integrating authorisation mechanisms into your grid applications and know the scenarios that you are working with, and the authorisation features that you require. So it should not be difficult for you to write these down on one or two sides of A4. I am happy to act as editor and to coordinate your input into the GGF output document.
I look forward to seeing you in Tokyo
regards
David
--
***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security The Computing Laboratory, University of Kent, Canterbury, CT2 7NF Tel: +44 1227 82 3221 Fax +44 1227 762 811 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@kent.ac.uk Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html Research Web site: http://sec.cs.kent.ac.uk Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5
*****************************************************************
-- ***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security The Computing Laboratory, University of Kent, Canterbury, CT2 7NF Tel: +44 1227 82 3221 Fax +44 1227 762 811 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@kent.ac.uk Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html Research Web site: http://sec.cs.kent.ac.uk Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5 *****************************************************************
David, Thanks for the quick reply. Your response really helps me better understand the thinking behind the draft, though I still find parts of the document confusing as written. It occurs to me the document might be clearer if structured into three sections. 1. Background discussion and definition of the WG scope. As you noted, this is still fuzzy and needs discussion and resolution. This would also be a good place to describe the basic architecture assumed going in and note its open to revision. 2. Initially chartered deliverables. This probably includes the scenarios and requirements doc; perhaps the architecture doc?; the two drafts you recently submitted; the VOMS doc discussed on the list today (not being involved in the development of these last 3, I don't have an opinion on their urgency). This would get rid of the confusing distinction of 'early' and 'initial' deliverables. 3. A discussion of the charter revision process for adding new deliverables. I'm assuming we'd want a a streamlined process for amending the charter with a new deliverable so long as it fits within the scope described in #1. The list of tentative deliverables could also go in this section. Does this make sense? As should be evident, I'm in favor of a broadly scoped AuthZ WG charter that can accommodate multiple deliverables. Are there people who would prefer another approach? Some other comments in-line \Blair
-----Original Message----- From: David Chadwick [mailto:d.w.chadwick@kent.ac.uk] Sent: Saturday, April 22, 2006 10:17 AM To: Blair Dillaway Cc: ogsa Authz Subject: Re: [OGSA-AUTHZ] Revised Charter
Hi Blair
You are right that the charter is somewhat schizophrenic. I was aware of this when I was updating the previous charter. This is due to two competing (though I hope not necessarily conflicting) requirements.
Firstly there is an urgent need to update the existing OGSA-Authz profile due to a number of well documented deficiencies that early practitioners soon discovered. This update is being driven by a number of current security related research projects that have deadlines and deliverables. In order to avoid them implementing home made proprietary solutions, a standard profile in a relatively short time scale is required. This accounts for the section of the charter dealing with PEP-PDP type interactions.
Secondly there is the requirement to bring many more grid users on board and to discover what their pressing and wider authorisation requirements are. This accounts for the section of the charter devoted to requirements capture and charter revision.
Agreed. It's a reason the fuzzy scope concerns me. Its hard to get people to donate time to this sort of thing when its unclear what requirements needs to be documented.
The reason that I dont believe that the two are conflicting, is that the concept of a PEP and a PDP are already well established (for more than 10 years) and unlikely to be disbanded in the short or medium term. Thus a PEP-PDP profile is unlikely to be thrown out of the revised charter. What I believe will happen (and this is a personal opinion now) is that the additional components such as STSs, PIPs, PAPs etc that are now mentioned in the literature will become widely accepted in due course and a single model for them all will become as widely accepted as the PEP-PDP model. I have made a start on this using the term credential validation service to unify the PIP and the STS-V, although I have no strong views about its title (you can call it a PIP or an STS-V if you want), it is the functionality that is important to the profile.
I don't think we disagree on the basic functional components, or the maturity of our understanding on how best to compose them. I was concerned about what seemed be architectural assumption implied by some of the doc titles: for example, that only a PEP interacts with a CVS.
Blair Dillaway wrote:
David,
I've reviewed the proposed charter and have a few concerns: (1) the definition of what are considered in-scope authorization components seems imprecise
This is correct, intentionally so, and it will remain so until the revised charter is drawn up with more user involvement
charter revision, is in conflict with other statements in
(2) the proposed two-phased approach, with an interim the charter
Agreed, this is due to the schizophrenia mentioned above. I dont know how to resolve this one in the short term, but if you do then I would welcome your input.
(3) an authorization architecture is presumed by the charter while calling out an architectural specification as a deliverable
A limited architecture is presumed now, comprising a PEP, PDP and call it a CVS for now, and this will be expanded as we get more input from others.
Let me try to briefly describe what concerns me in each area.
(1) The charter states the purpose is to define
specifications needed
to support interoperability and pluggability of authorization components. That is a reasonable objective,
thankyou. We should keep this as uppermost in mind as the driving principle.
but the discussion that
follows seems to go beyond what would traditionally be considered authorization. It seems to indicate that authentication (CVS credential validation and trust assessment), SAML authentication token profiles; attribute schema communication, and some types of security protocols are all in-scope. Its unclear to me if some aspects of identity management systems and security policy management/provisioning systems are also intended to be in-scope. I suggest including a brief background section, which identifies the major functional components needed in a complete Grid security solution: identity management; policy management; secure communications; authentication; authorization; audit (aka accounting);.... I hope we could clearly indicate which of those functional components are in-scope and which aren't.
This is what I intended to happen. We do need a clear agreement on what is in scope and what isnt, and the revised charter should have a firm statement on this. In the current charter I put ideas which have been mentioned by various people into the pot so that they could be discussed more openly.
(2) The charter states the initial deliverables of the group will include a scenarios and requirements document along with a revised charter based upon that work. That seems like a prudent approach to ensuring the usefullness of standards ultimately developed by the group. But, I can't reconcile that statement with the earlier statement "an early deliverable of the group will be an enhanced specification for the PEP-PDP interactions....".
Agreed, this is due to the schizophrenia mentioned above.
This, and the lengthy list of tentative documents, leaves me uncertain if the OGSA-Authz charter is intended to be very broadly scoped, allowing a number of different specifications to be developed, or to charter work on individual specifications. If it's the former, I suggest re-writing the charter to focus more on defining the overall scope and addressing how the individual specfication activities will be managed. The list of 'tentative documents' doesn't really belong in such a charter. If it's the latter, perhaps this should be separated into two more focused charters for the 'initial' and 'early' deliverables identified in the current document.
This is something that the group as a whole should decide.
Personnally I dont see a conflict in aiming for the former, whilst leaving a tentative best guess list of what the eventual specifications might contain. You could regard the list as a provisional shopping list for a recipe that hasnt been fully specified yet, but we have a general idea of the common ingredients.
(3) It is stated "the group will also provide an architecture document..." and later that one of the 'tentative documents' is a 'high level authorization architecture'. I believe this is an important document for focusing and relating the other
specifications
mentioned in the charter. But, is this a chartered activity, or is it dependent on the revised charter?
I hope it will be both ie. agreed to in the current charter and carried over into the revised one.
Its also stated the initial scenario and requirements work should drive this document. At the same time, the charter clearly presumes an authorization architecture for the various documents discussed. For example, the PEP, PDP, and CVS separation. Some exisitng systems conform to this architecture, others don't. The charter should clearly state if the activities are constrained by this architecture or if alternative architectures are in-scope.
Personnally I would not want the architecture to be constrained at this point in time. There has been too little discussion yet to agree upon any final architecture.
I also suggest the 'desired' document "Implementers of the Authz infrastructures and the protocols specified by this group should specify how their implementations map into the concepts
documented in
the architecture document..." should be a requirement. Without this, it can be very difficult to understand how individual specifications relate and are expected to interface.
I happy to upgrade this to a requirement, but the reason it is desired, is that the group cannot mandate that any particular authorisation infratructure provider writes such a document. And it would be difficult for others to write it for them. So this is why it is desirable.
I apparently interpreted this incorrectly and thoughtit was referring to deliverables. Now that I understand it, I agree with your rationale.
------
On a related issue, could you clarify if the recent draft specification submitted for comment (XACML profile and WS-TRUST/SAML profile) are being proposed as deliverables under the OGSA-Authz WG or some other WG?
Under the OGSA-Authz WG
regards
David
Regards, Blair Dillaway
-----Original Message----- From: owner-ogsa-authz@ggf.org [mailto:owner-ogsa-authz@ggf.org] On Behalf Of David Chadwick Sent: Wednesday, April 19, 2006 3:39 AM To: ogsa Authz Subject: [OGSA-AUTHZ] Revised Charter
Dear authz members
please find attached an updated version of the charter for ratification at the next GGF meeting.
If you have any comments on this charter please raise them on the list or at the next meeting in Tokyo, where I hope to get it ratified.
Finally, can I ask for volunteers to start work on the
authorisation
scenarios and use cases document. There must be many of you on the list who already have great experience of implementing or integrating authorisation mechanisms into your grid applications and know the scenarios that you are working with, and the authorisation features that you require. So it should not be difficult for you to write these down on one or two sides of A4. I am happy to act as editor and to coordinate your input into the GGF output document.
I look forward to seeing you in Tokyo
regards
David
--
***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security The Computing Laboratory, University of Kent, Canterbury, CT2 7NF Tel: +44 1227 82 3221 Fax +44 1227 762 811 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@kent.ac.uk Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html Research Web site: http://sec.cs.kent.ac.uk Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5
*****************************************************************
--
***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security The Computing Laboratory, University of Kent, Canterbury, CT2 7NF Tel: +44 1227 82 3221 Fax +44 1227 762 811 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@kent.ac.uk Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html Research Web site: http://sec.cs.kent.ac.uk Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5
*****************************************************************
On Apr 25, 2006, at 02:27, Blair Dillaway wrote:
Does this make sense? As should be evident, I'm in favor of a broadly scoped AuthZ WG charter that can accommodate multiple deliverables. Are there people who would prefer another approach?
The only downside to that is the risk of spreading the workforce too thin, with too many things happening at once. The approach most commonly used in GGF is to have a narrowly scoped charter with one or two deliverables only, crank on those documents, then recharter (or die). This resolves the group's common sense of urgency of various deliverables up front, as you have to pick and choose what to work on for the short-term. For longer-lived groups, such a recharter-recharter-recharter strategy is often accompanied by some visionary outlook or roadmap though. Trying to be pragmatic and keep things simple, I don't see why that vision couldn't be described as a "background material" section as you suggest. Bottom line: as long as the group is healthy, produce sensible output and stay focused on a few things at a time, then the charter doesn't really matter. /Olle
Olle, I believe we're thinking along the same lines, though your wording is probably better aligned with how things have been done historically in GGF. I'd just like to see a more streamlined process for rechartering for a new in-scope deliverable. I do agree its important to keep the currently chartered deliverables down to a small size. The fact there already seem to be 3 specs in progress, plus a need to do a scenarios and requirement document, does raise a concern. Blair
-----Original Message----- From: Olle Mulmo [mailto:mulmo@pdc.kth.se] Sent: Tuesday, April 25, 2006 1:09 AM To: Blair Dillaway Cc: Olle Mulmo; David Chadwick; ogsa Authz Subject: Re: [OGSA-AUTHZ] Revised Charter
On Apr 25, 2006, at 02:27, Blair Dillaway wrote:
Does this make sense? As should be evident, I'm in favor of a broadly scoped AuthZ WG charter that can accommodate multiple deliverables. Are there people who would prefer another approach?
The only downside to that is the risk of spreading the workforce too thin, with too many things happening at once.
The approach most commonly used in GGF is to have a narrowly scoped charter with one or two deliverables only, crank on those documents, then recharter (or die). This resolves the group's common sense of urgency of various deliverables up front, as you have to pick and choose what to work on for the short-term.
For longer-lived groups, such a recharter-recharter-recharter strategy is often accompanied by some visionary outlook or roadmap though. Trying to be pragmatic and keep things simple, I don't see why that vision couldn't be described as a "background material" section as you suggest.
Bottom line: as long as the group is healthy, produce sensible output and stay focused on a few things at a time, then the charter doesn't really matter.
/Olle
On Apr 25, 2006, at 17:34, Blair Dillaway wrote:
I'd just like to see a more streamlined process for rechartering for a new in-scope deliverable.
Blair, A recharter can be a very streamlined process. First, the WG needs to reach consensus on the list (the hard part). After that, the ADs need to support the recharter proposal at the steering group's standards council phone call, which currently takes place every other week. That's it. /Olle
participants (4)
-
Blair Dillaway -
David Chadwick -
Olle Mulmo -
Von Welch