Appended are the combined notes from David Chadwick and myself. Please send any corrections in the next week and then I will post them. Thanks. Von -- Preliminary Agenda * Get note taker * Working group changes - chairs, etc. * Status of V1 documents: attributes, SAML * Requirements for V2 1) Pass operation arguments to PDP to make decisions based on them (XACML supports this) 2) Pass level of authentication to PDP to make decisions based on strength of authentication (SAMLv2 supports this) 3) Return obligations to PEP (XACML supports this) 4) ANY MORE??? * Next steps ---- Von opened the meeting. Agenda was agreed. Changes in WG chairs: Andrew and Rebekah have resigned. Von thanked Rebekah and Andrew for co-chairing the meeting up to now and welcomed David Chadwick to the new co-chair post. Von said he would be stepping down as soon as V1 docs are finished and a new co-chair had volunteered. See Von or David if you are interested. Agenda Bashing: No major changes Status of V1 documents: Attribute document is in hands of GGF Editor, only one known issue from Tom Scavo re section 4.2 SAML document will be at end of WG last call at end of week. One known issue from Mary Thompson re SAML 2.0 advancement. David gave a presentation about authorisation architectures in a multi-domain environment (see slide show on Gridforge site). It considered which components are needed and how the target Source of Authority can control everything. Frank gave a similar presentation but from a different viewpoint. This considered asking remote domains (AAs) if they could help in the credential validation. Dane and Dave Berry both raised particular scenarios (push and VO manager respectively) Von suggested we need to pick a set of scenarios to constrain the problem space. Frank Siebenlist gave a overview of the Grid Authorization problem Dane raised the issue that if we have a bunch of security services with one network round-trip latency to each, we have a major performance problem Frank: services can be local Von: specification of local services makes them less technology agnostic. We may need to decide how agnostic we want to be. Final agenda item: Charter Revisions There was then a discussion about the contents of the revised Charter. Von displayed the existing charter. First two paragraphs of existing charter are OK for the revised WG. The third paragraph, which talks about a two phased approach, needs to be edited, since we are now in phase 2. Add ?it will be an authorisation architecture group for OGSA even though its output will be aimed at a wider audience than simply OGSA, it will encompass the requirements of OGSA.? Agreed to keep with the OGSA-Authz name for the group. Output documents i. Scenario document. We will provide authorisation for these scenarios. The scenarios can be part of the Architecture document. ii. Version 2 of the PEP-PDP protocol document. iii. Version 1 of the PEP-CVS protocol.
This minutes have been posted with the addition of mentioning that the GGF IP policy was mentioned. https://forge.gridforum.org/projects/ogsa-authz/document/GGF-14-OGSA- Authz-Minutes/en/1 Von On Jul 8, 2005, at 11:01 AM, Von Welch wrote:
Appended are the combined notes from David Chadwick and myself. Please send any corrections in the next week and then I will post them.
Thanks.
Von
--
Preliminary Agenda
* Get note taker
* Working group changes - chairs, etc.
* Status of V1 documents: attributes, SAML
* Requirements for V2
1) Pass operation arguments to PDP to make decisions based on them (XACML supports this) 2) Pass level of authentication to PDP to make decisions based on strength of authentication (SAMLv2 supports this) 3) Return obligations to PEP (XACML supports this) 4) ANY MORE???
* Next steps
----
Von opened the meeting. Agenda was agreed. Changes in WG chairs: Andrew and Rebekah have resigned. Von thanked Rebekah and Andrew for co-chairing the meeting up to now and welcomed David Chadwick to the new co-chair post. Von said he would be stepping down as soon as V1 docs are finished and a new co-chair had volunteered. See Von or David if you are interested.
Agenda Bashing: No major changes
Status of V1 documents:
Attribute document is in hands of GGF Editor, only one known issue from Tom Scavo re section 4.2
SAML document will be at end of WG last call at end of week. One known issue from Mary Thompson re SAML 2.0 advancement.
David gave a presentation about authorisation architectures in a multi-domain environment (see slide show on Gridforge site). It considered which components are needed and how the target Source of Authority can control everything.
Frank gave a similar presentation but from a different viewpoint. This considered asking remote domains (AAs) if they could help in the credential validation.
Dane and Dave Berry both raised particular scenarios (push and VO manager respectively)
Von suggested we need to pick a set of scenarios to constrain the problem space.
Frank Siebenlist gave a overview of the Grid Authorization problem
Dane raised the issue that if we have a bunch of security services with one network round-trip latency to each, we have a major performance problem
Frank: services can be local
Von: specification of local services makes them less technology agnostic. We may need to decide how agnostic we want to be.
Final agenda item: Charter Revisions
There was then a discussion about the contents of the revised Charter. Von displayed the existing charter.
First two paragraphs of existing charter are OK for the revised WG. The third paragraph, which talks about a two phased approach, needs to be edited, since we are now in phase 2.
Add ?it will be an authorisation architecture group for OGSA even though its output will be aimed at a wider audience than simply OGSA, it will encompass the requirements of OGSA.?
Agreed to keep with the OGSA-Authz name for the group.
Output documents i. Scenario document. We will provide authorisation for these scenarios. The scenarios can be part of the Architecture document. ii. Version 2 of the PEP-PDP protocol document. iii. Version 1 of the PEP-CVS protocol.
participants (1)
-
Von Welch