Start of revised charter
Dear All here is a start to a revised charter for the OGSA AUthz group. Comments and updates welcome. regards David -- ***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security The Computing Laboratory, University of Kent, Canterbury, CT2 7NF Tel: +44 1227 82 3221 Fax +44 1227 762 811 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@kent.ac.uk Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html Research Web site: http://sec.cs.kent.ac.uk Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5 *****************************************************************
David, It be that I have a broken RTF reader (Mac), but when I open your document I find a garbled mix (mess?) of old and new text, to the point of it all being unreadable. For starters, it talks about deliverables at GGF 159, GGF 180, and GGF2011... :-) /Olle On Jan 19, 2006, at 23:11, David Chadwick wrote:
Dear All
here is a start to a revised charter for the OGSA AUthz group. Comments and updates welcome.
regards
David
--
***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security The Computing Laboratory, University of Kent, Canterbury, CT2 7NF Tel: +44 1227 82 3221 Fax +44 1227 762 811 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@kent.ac.uk Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html Research Web site: http://sec.cs.kent.ac.uk Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5
***************************************************************** <OGSA_AuthZ-2_Charter.rtf>
Hi Olle the doc was actually a word doc with track changes switched on so that people could compare the original charter with the proposed revised one. I attach a version with all changes accepted. This should be easier to read. regards David Olle Mulmo wrote:
David,
It be that I have a broken RTF reader (Mac), but when I open your document I find a garbled mix (mess?) of old and new text, to the point of it all being unreadable. For starters, it talks about deliverables at GGF 159, GGF 180, and GGF2011... :-)
/Olle
On Jan 19, 2006, at 23:11, David Chadwick wrote:
Dear All
here is a start to a revised charter for the OGSA AUthz group. Comments and updates welcome.
regards
David
--
***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security The Computing Laboratory, University of Kent, Canterbury, CT2 7NF Tel: +44 1227 82 3221 Fax +44 1227 762 811 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@kent.ac.uk Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html Research Web site: http://sec.cs.kent.ac.uk Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5
***************************************************************** <OGSA_AuthZ-2_Charter.rtf>
-- ***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security The Computing Laboratory, University of Kent, Canterbury, CT2 7NF Tel: +44 1227 82 3221 Fax +44 1227 762 811 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@kent.ac.uk Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html Research Web site: http://sec.cs.kent.ac.uk Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5 *****************************************************************
I'm curious about the following item. This would seem to overlap with xkms, or do I misunderstand it. Von • A specification of a credential or security token validation protocol between the PEP and a credential/security token validation service (the returned result is a set of validated attributes that can be fed into the PDP using the authorisation protocol). On Jan 26, 2006, at 7:49 AM, David Chadwick wrote:
Hi Olle
the doc was actually a word doc with track changes switched on so that people could compare the original charter with the proposed revised one. I attach a version with all changes accepted. This should be easier to read.
regards
David
Olle Mulmo wrote:
David, It be that I have a broken RTF reader (Mac), but when I open your document I find a garbled mix (mess?) of old and new text, to the point of it all being unreadable. For starters, it talks about deliverables at GGF 159, GGF 180, and GGF2011... :-) /Olle On Jan 19, 2006, at 23:11, David Chadwick wrote:
Dear All
here is a start to a revised charter for the OGSA AUthz group. Comments and updates welcome.
regards
David
--
***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security The Computing Laboratory, University of Kent, Canterbury, CT2 7NF Tel: +44 1227 82 3221 Fax +44 1227 762 811 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@kent.ac.uk Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html Research Web site: http://sec.cs.kent.ac.uk Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5
***************************************************************** <OGSA_AuthZ-2_Charter.rtf>
--
***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security The Computing Laboratory, University of Kent, Canterbury, CT2 7NF Tel: +44 1227 82 3221 Fax +44 1227 762 811 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@kent.ac.uk Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html Research Web site: http://sec.cs.kent.ac.uk Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5
***************************************************************** <OGSA_AuthZ-2-1_Charter(noTrack).rtf>
Hi Von this service is similar to part of the WS-Trust STS service. It will validate any type of security token containing any type of attribute. So for example it can validate an X.509 AC or a SAML assertion. On the other hand, XKMS is only a public key service, isnt it? regards David Von Welch wrote:
I'm curious about the following item. This would seem to overlap with xkms, or do I misunderstand it.
Von
• A specification of a credential or security token validation protocol between the PEP and a credential/security token validation service (the returned result is a set of validated attributes that can be fed into the PDP using the authorisation protocol).
On Jan 26, 2006, at 7:49 AM, David Chadwick wrote:
Hi Olle
the doc was actually a word doc with track changes switched on so that people could compare the original charter with the proposed revised one. I attach a version with all changes accepted. This should be easier to read.
regards
David
Olle Mulmo wrote:
David, It be that I have a broken RTF reader (Mac), but when I open your document I find a garbled mix (mess?) of old and new text, to the point of it all being unreadable. For starters, it talks about deliverables at GGF 159, GGF 180, and GGF2011... :-) /Olle On Jan 19, 2006, at 23:11, David Chadwick wrote:
Dear All
here is a start to a revised charter for the OGSA AUthz group. Comments and updates welcome.
regards
David
--
***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security The Computing Laboratory, University of Kent, Canterbury, CT2 7NF Tel: +44 1227 82 3221 Fax +44 1227 762 811 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@kent.ac.uk Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html Research Web site: http://sec.cs.kent.ac.uk Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5
***************************************************************** <OGSA_AuthZ-2_Charter.rtf>
--
***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security The Computing Laboratory, University of Kent, Canterbury, CT2 7NF Tel: +44 1227 82 3221 Fax +44 1227 762 811 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@kent.ac.uk Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html Research Web site: http://sec.cs.kent.ac.uk Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5
***************************************************************** <OGSA_AuthZ-2-1_Charter(noTrack).rtf>
-- ***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security The Computing Laboratory, University of Kent, Canterbury, CT2 7NF Tel: +44 1227 82 3221 Fax +44 1227 762 811 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@kent.ac.uk Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html Research Web site: http://sec.cs.kent.ac.uk Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5 *****************************************************************
Von one final thing. There is a difference between a valid attribute and an authentic attribute. An authentic attribute means that it was issued by the issuer and hasnt been tampered with (this is an authentication type decision arrived at by a technique such as signature validation). A valid attribute on the other hand is one that can be used and is trusted. So for example, an authentic United Gold card is valid for entry into the Red Carpet Club but not into Admirals club. So the validation service makes the decision whether the attribute is valid or not. regards David Von Welch wrote:
I'm curious about the following item. This would seem to overlap with xkms, or do I misunderstand it.
Von
• A specification of a credential or security token validation protocol between the PEP and a credential/security token validation service (the returned result is a set of validated attributes that can be fed into the PDP using the authorisation protocol).
On Jan 26, 2006, at 7:49 AM, David Chadwick wrote:
Hi Olle
the doc was actually a word doc with track changes switched on so that people could compare the original charter with the proposed revised one. I attach a version with all changes accepted. This should be easier to read.
regards
David
Olle Mulmo wrote:
David, It be that I have a broken RTF reader (Mac), but when I open your document I find a garbled mix (mess?) of old and new text, to the point of it all being unreadable. For starters, it talks about deliverables at GGF 159, GGF 180, and GGF2011... :-) /Olle On Jan 19, 2006, at 23:11, David Chadwick wrote:
Dear All
here is a start to a revised charter for the OGSA AUthz group. Comments and updates welcome.
regards
David
--
***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security The Computing Laboratory, University of Kent, Canterbury, CT2 7NF Tel: +44 1227 82 3221 Fax +44 1227 762 811 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@kent.ac.uk Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html Research Web site: http://sec.cs.kent.ac.uk Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5
***************************************************************** <OGSA_AuthZ-2_Charter.rtf>
--
***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security The Computing Laboratory, University of Kent, Canterbury, CT2 7NF Tel: +44 1227 82 3221 Fax +44 1227 762 811 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@kent.ac.uk Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html Research Web site: http://sec.cs.kent.ac.uk Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5
***************************************************************** <OGSA_AuthZ-2-1_Charter(noTrack).rtf>
-- ***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security The Computing Laboratory, University of Kent, Canterbury, CT2 7NF Tel: +44 1227 82 3221 Fax +44 1227 762 811 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@kent.ac.uk Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html Research Web site: http://sec.cs.kent.ac.uk Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5 *****************************************************************
David, The Attributes document has been published as GFD-57 and should be included in the previous documents section. Mary David Chadwick wrote:
Hi Olle
the doc was actually a word doc with track changes switched on so that people could compare the original charter with the proposed revised one. I attach a version with all changes accepted. This should be easier to read.
regards
David
Olle Mulmo wrote:
David,
It be that I have a broken RTF reader (Mac), but when I open your document I find a garbled mix (mess?) of old and new text, to the point of it all being unreadable. For starters, it talks about deliverables at GGF 159, GGF 180, and GGF2011... :-)
/Olle
On Jan 19, 2006, at 23:11, David Chadwick wrote:
Dear All
here is a start to a revised charter for the OGSA AUthz group. Comments and updates welcome.
regards
David
--
***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security The Computing Laboratory, University of Kent, Canterbury, CT2 7NF Tel: +44 1227 82 3221 Fax +44 1227 762 811 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@kent.ac.uk Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html Research Web site: http://sec.cs.kent.ac.uk Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5
***************************************************************** <OGSA_AuthZ-2_Charter.rtf>
-- --------------------------------------------------------------------- Mary R. Thompson <MRThompson@lbl.gov> Secure Grid Technologies Group (510) 486-7408 Lawrence Berkeley National Lab http://dsd.lbl.gov/~mrt ----------------------------------------------------------------------
participants (4)
-
David Chadwick -
Mary Thompson -
Olle Mulmo -
Von Welch