All, I have updated the two profile documents to address the public comments as per our discussion during our last session. The latest revisions are Secure Addressing (https://forge.gridforum.org/sf/go/doc14938?nav=1) and Secure Communication (https://forge.gridforum.org/sf/go/doc14937?nav=1). Secure Addressing version comments: a.. Minor edits to introduction b.. The Profile now mandates digital signature of EPRs bearing security policy c.. Minor edits to conformance targets to reflect WS-SecurityPolicy's notion of endpoint and operation policy subjects d.. Added minor security discussion recommending temporal and path validation of signing tokens e.. Other minor, non-normative edits Secure Communication version comments: a.. Minor edits to introduction b.. Incorporated WS-SecurityPolicy's notion of endpoint and operation policy subjects into conformance targets and well-known polcy documents c.. Removed FIPS conformance-related requirement d.. Added large security discussion regarding the security concerns related to binding key information within policy documents: specifically matters of trustworthiness, integrity, and validity e.. Added confidentiality requirement for using username-token f.. Added security discussion for password-digest regarding replay to other services g.. Added profiling of including a <wsu:Timestamp> element within policy documents to facilitate policy versioning h.. Added timestamp requirement for message-level Mutual X.509 binding i.. Fixed incorrect policy specification within message-level Mutual X.509 binding: improper use of alternatives for the type of X.509 token specified as the recipient token. (Now enclosed recipient tokens are X.509 PKIPath chains of one or more certificates) j.. Other minor non-normative edits Cheers, Duane ----- Original Message ----- From: Hiro Kishimoto To: ogsa-wg@ogf.org Sent: Monday, April 21, 2008 5:08 AM Subject: [ogsa-wg] [Invitation] Security profile public comment review @ 2008-04-21 18:00 – 19:00 () ogsa-wg@ogf.org, you are invited to Security profile public comment review 2008-04-21 18:00 – 19:00 (Timezone: Central Time) Calendar: When: 7-8pm EDT, 6-7pm CDT, 4-5pm PDT, 8-9am JST, midnight-1am UK Dial-in numbers: US: +1 718 3541071 (New York) or +1 408 9616509 (San Jose) UK: +44 (0)207 3655269 (London) Germany: +49 (0)69 50070802 (Frankfurt) Switzerland: +41 (0)1 8009574 (Zurich) Japan: +81 (0)3 3570 8225 (Tokyo) PIN: 4371991 See more information: - https://forge.gridforum.org/sf/go/wiki1477 Screen share service: URL: http://ogsa.glance.net/ Usage: https://forge.gridforum.org/sf/go/wiki1584 Note: ** OGF IPR POLICY APPLIES ** http://www.ogf.org/About/abt_policies.php 1) Early discussion Note taker assignment - https://forge.gridforum.org/sf/go/wiki1848 Roll call Agenda bashing 2) Minutes approval and AI review Minutes for approval April 7 call: https://forge.ogf.org/sf/go/doc15175 Action Item review http://forge.ogf.org/short/ogsa-wg/ailist 3) Security Profile Public Comments Review (Duane) Secure Addressing Profile 1.0 https://forge.gridforum.org/sf/discussion/do/listTopics/projects.ggf-editor/... Secure Communication Profile 1.0 https://forge.gridforum.org/sf/discussion/do/listTopics/projects.ggf-editor/... 4) AoB More event details» Will you attend? Yes |No |Maybe You are receiving this courtesy email at the account ogsa-wg@ogf.org because you are an attendee of this event. To stop receiving future notifications for this event, decline this event. Alternatively you can sign up for a Google account at http://www.google.com/calendar/ and control your notification settings for your entire calendar. ------------------------------------------------------------------------------ -- ogsa-wg mailing list ogsa-wg@ogf.org http://www.ogf.org/mailman/listinfo/ogsa-wg