Present: Blair Dillaway Steven Newhouse Marty Humphreys Chris Smith Balazs Konya Sergio Andreozzi Agenda 1. IPR Done. 2. Agenda Bash No changes. 3. GLUE Schema Update [See https://forge.gridforum.org/sf/go/doc14639?nav=1] Is there a link between the recent work on Application Templates and the GLUE Schema's Application Environment. It is noted that GLUE is comprehensive - we may want to profile any use. GLUE started out in EDG and OSG and produced 1.0. Version 1.3 is in production use. The specification of GLUE 2.0 is taking place in OGF so that it can get a wider adoption in other systems. There are implementers tracking the XML and SQL rendering on different platforms. Plan to submit to public comment by end of May. GLUE has 3 main areas: * General service that exposes a set of endpoints * Computing resources * Storage resources Each class has mandated and optional attributes. Only need to expose the 'classes' that you wish to describe. The classes are 'abstract' and you can add additional attributes and different 'schemas' to it to support additional services. The Application Environment provides the raw information that can be used to build the JSDL document that can be submitted into the HPCBP endpoint - perhaps focused at the power user and exposes more detail. The Application Template looks to minimize the detail that is exposed. * The Application Environment in the GLUE schema may provide a way of advertising the details imposed by the HPCBP service within the Application Template. * How to expose the GLUE description through BES. From within the FactoryAttributesDocument, another operation, or part of another service? 4. Kerberos Update [Blair] First draft circulated before the call. Need to first reach agreement that this is the use case that we are trying to solve! Need to get more feedback from beyond the authors. One option is to remain with an SSL server authenticated channel. If we use Kerberos token within the SSL channel there is no binding between Kerberos and the communication channel. Which exposes a weakness where it could be reused. We could decide to use the SP NEGO protocol within WS-Trust - it allows a session to be set up between the two endpoints - (which could include SSL or others) and then to do the actual message transfer. There is a design agreement between IBM & MS covering how to use the two (SP NEGO & WS-Trust) together. It's the default mechanism within WCF. Need to confirm that interoperable implementations are available. E.g. WCF, Java, C/C++ on linux. * Chris to look at various options within SSL. * Marty thinks there may be some support in Java. Need to make sure that we remain customer/use case focused. Are real production environments using Kerberos and SSL. 5. AOB Call next week.