Draft charter for OGSA-AuthN WG
Discussion among participants and potential participants has indicated a desire to proceed directly to a launch of the OGSA-AuthN working group rather than proceed through a BOF. Most people who would participate or be affected have up to now been involved in related efforts and would be able to come up to speed fairly quickly in this effort.
Here are the elements of a charter, or potential charter, for this group that I have identified:
1) Review existing security profiles resulting from previous efforts of the Security area and security design group from the OGSA-WG effort
a) Compare them to existing technology and best practices in the community and check for consistency of coverage
b) Document authentication profiles that may be missing or incomplete
b) Review mature and maturing technologies likely to affect the above best practices for grid services
2) Provide an AuthN development roadmap to compare with the overall OGSA roadmap
3) Spawn any subgroups and/or suggest associated research groups that may be necessary for consistent development in this area.
The charter can be developed from the above skeleton, and the basics agreed to before the first session at OGF-19 in North Carolina.
It is explicitly a part of the charter for this group to work in a symmetrical manner with any OGSA-AuthZ work that may be needed for consistency in grid services.
Comments welcome.
Alan
Alan Sill
TIGRE Senior Scientist
High Performance Computing Center
TTU
====================================================================
: Alan Sill, Texas Tech University Office: Admin 233, MS 4-1167 :
: e-mail: Alan.Sill@ttu.edu ph. 806-742-4350 fax 806-742-4358 :
====================================================================
Hi Alan
I think your charter needs to add something along the following lines so that the demarcation between Authn and Authz is made clear at the outset (then there can be no turf wars in the future, heaven forbid :-).
The focus of this WG is authentication. The focus of the WG-Authz group is authorisation. There may be some blurring of this distinction in the actual technologies that are used in deployments, for example, when a security token contains both a public key and attributes and can therefore be used for both authentication and authorisation purposes. Nevertheless, even in such cases, there are clearly separate procedures needed for validating a security token from an authentication perspective and an authorisation perspective. This WG will consider the former only, whilst the OGSA Authz WG will consider the latter only. In all cases the authentication validation procedures precede the authorisation validation procedures, and are a necessary precursor to the latter.
regards
David
Alan Sill wrote:
Discussion among participants and potential participants has indicated a desire to proceed directly to a launch of the OGSA-AuthN working group rather than proceed through a BOF. Most people who would participate or be affected have up to now been involved in related efforts and would be able to come up to speed fairly quickly in this effort.
Here are the elements of a charter, or potential charter, for this group that I have identified:
1) Review existing security profiles resulting from previous efforts of the Security area and security design group from the OGSA-WG effort
a) Compare them to existing technology and best practices in the community and check for consistency of coverage
b) Document authentication profiles that may be missing or incomplete
b) Review mature and maturing technologies likely to affect the above best practices for grid services
2) Provide an AuthN development roadmap to compare with the overall OGSA roadmap
3) Spawn any subgroups and/or suggest associated research groups that may be necessary for consistent development in this area.
The charter can be developed from the above skeleton, and the basics agreed to before the first session at OGF-19 in North Carolina.
It is explicitly a part of the charter for this group to work in a symmetrical manner with any OGSA-AuthZ work that may be needed for consistency in grid services.
Comments welcome.
Alan
-- caops-wg mailing list caops-wg@ogf.org http://www.ogf.org/mailman/listinfo/caops-wg
--
*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://sec.cs.kent.ac.uk
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5
*****************************************************************
Hi David,
Thanks for the note. I absolutely agree in principle with the demarcation that you describe, and think that there is work for each of these work groups in the respective technologies. Also, the need for communication between the two groups on related issues is clear.
OGSA-AuthN should work on authentication-related technologies and a road map for grid services in the context of the overall OGSA effort in contact with CAOps, the IGTF, and informed by the previous BOFs in this area.
Now that we have two announced area directors for the Security Area within OGF, I hope to work with them to develop the charter in official form, taking into account all input, with the hope and aim to hit the ground running with a charter and activities for this work group clearly thought out if possible in time for OGF 19.
Thank you very much for your input and for your work in OGSA-AuthZ and related areas. All involved and with related opinions should feel welcome to participate as appropriate in each of these groups, and I look forward to the supervision of the Area Directors in developing these and other work groups, research groups, and operations groups as needed in the Security Area.
I believe that one clear positive development that will result from this process will be a clear connection between CAOps, the IGTF, and other applicable authentication technologies and the OGSA standards process.
I will be in touch with our new area directors to complete development of the proposed OGSA-AuthN charter in official form. All messages, public and private, on this topic including those with technical content as well as those with guidance and opinions on process are welcome.
Best wishes,
Alan
On Oct 18, 2006, at 4:48 AM, David Chadwick wrote:
Hi Alan
I think your charter needs to add something along the following lines so that the demarcation between Authn and Authz is made clear at the outset (then there can be no turf wars in the future, heaven forbid :-).
The focus of this WG is authentication. The focus of the WG-Authz group is authorisation. There may be some blurring of this distinction in the actual technologies that are used in deployments, for example, when a security token contains both a public key and attributes and can therefore be used for both authentication and authorisation purposes. Nevertheless, even in such cases, there are clearly separate procedures needed for validating a security token from an authentication perspective and an authorisation perspective. This WG will consider the former only, whilst the OGSA Authz WG will consider the latter only. In all cases the authentication validation procedures precede the authorisation validation procedures, and are a necessary precursor to the latter.
regards
David
participants (2)
- Alan Sill
- David Chadwick