[update] OGSA Security Profile 1.0 - Secure Channel
Dear All, I have updated the SP - SC document as we discussed in the Nov 27 conference call, and I think it's ready for FINAL CALL. Please have a look through the document. Any comments are welcomed. The updated version of the profile is available on GridForge. OGSA Security Profile 1.0 - Secure Channel: https://forge.gridforum.org/sf/docman/do/downloadDocument/projects.ogsa-wg/d... Changes: - accepted all the change trackers - updated the acknowledgement section - updated the extensibility points since those of the extended profile had been updated - added a sentence on the extensibility points E009 and E011 - updated Table 6 - a number of changes, mainly gramatical errors Best regards, Takuya ---- Takuya Mori moritaku@bx.jp.nec.com / tk-mori@isd.nec.co.jp System Platform Software Development Division NEC Corporation, Tokyo Japan
Takuya, I think a short section on WS-Policy needs to be added before publishing (Sorry for bring this at this late time but I am just catching up with GGF work after a long distraction). This is to allow a service to advertise if it supports and/or requires the use of the profile. Let me know if it isn't too late. Abdeslem DJAOUI ///////////////////// -----Or From: ogsa-wg-bounces@ogf.org [mailto:ogsa-wg-bounces@ogf.org]On Behalf Of Takuya Mori Sent: Tuesday, December 05, 2006 11:07 AM To: ogsa-wg@ogf.org Subject: [ogsa-wg] [update] OGSA Security Profile 1.0 - Secure Channel Dear All, I have updated the SP - SC document as we discussed in the Nov 27 conference call, and I think it's ready for FINAL CALL. Please have a look through the document. Any comments are welcomed. The updated version of the profile is available on GridForge. OGSA Security Profile 1.0 - Secure Channel: https://forge.gridforum.org/sf/docman/do/downloadDocument/projects.ogsa-wg/d... Changes: - accepted all the change trackers - updated the acknowledgement section - updated the extensibility points since those of the extended profile had been updated - added a sentence on the extensibility points E009 and E011 - updated Table 6 - a number of changes, mainly gramatical errors Best regards, Takuya ---- Takuya Mori moritaku@bx.jp.nec.com / tk-mori@isd.nec.co.jp System Platform Software Development Division NEC Corporation, Tokyo Japan -- ogsa-wg mailing list ogsa-wg@ogf.org http://www.ogf.org/mailman/listinfo/ogsa-wg
Abdeslem, Though WS-Policy is making its way through the standards process it is a bit too early to make any statements about it in this profile. (It would probably make the type of profile go down to informational if we did---according to GFD.59.) Also I think it is too late in the process for this document to include substantially new content. This final call is for re-submission to the Editor for publication; not for public comment. Finally the statements that I think you are after do not seem specific to this profile. They would presumably be more useful in a more basic OGSA profile, perhaps a future version of the OGSA (WSRF) BP or some similar basic profile. Just my 2 yen. -- Andreas Djaoui, A (Abdeslem) wrote:
Takuya,
I think a short section on WS-Policy needs to be added before publishing (Sorry for bring this at this late time but I am just catching up with GGF work after a long distraction). This is to allow a service to advertise if it supports and/or requires the use of the profile.
Let me know if it isn't too late.
Abdeslem DJAOUI /////////////////////
-----Or From: ogsa-wg-bounces@ogf.org [mailto:ogsa-wg-bounces@ogf.org]On Behalf Of Takuya Mori Sent: Tuesday, December 05, 2006 11:07 AM To: ogsa-wg@ogf.org Subject: [ogsa-wg] [update] OGSA Security Profile 1.0 - Secure Channel
Dear All,
I have updated the SP - SC document as we discussed in the Nov 27 conference call, and I think it's ready for FINAL CALL.
Please have a look through the document. Any comments are welcomed.
The updated version of the profile is available on GridForge. OGSA Security Profile 1.0 - Secure Channel: https://forge.gridforum.org/sf/docman/do/downloadDocument/projects.ogsa-wg/d...
Changes: - accepted all the change trackers - updated the acknowledgement section - updated the extensibility points since those of the extended profile had been updated - added a sentence on the extensibility points E009 and E011 - updated Table 6 - a number of changes, mainly gramatical errors
Best regards, Takuya
---- Takuya Mori moritaku@bx.jp.nec.com / tk-mori@isd.nec.co.jp System Platform Software Development Division NEC Corporation, Tokyo Japan -- ogsa-wg mailing list ogsa-wg@ogf.org http://www.ogf.org/mailman/listinfo/ogsa-wg -- ogsa-wg mailing list ogsa-wg@ogf.org http://www.ogf.org/mailman/listinfo/ogsa-wg
-- Andreas Savva Fujitsu Laboratories Ltd
OK Andreas I didn't realise this is the final re-submission to the Editor. I agree it is too late for major edits. However WS-Policy has reached last call working draft status and it is used by all current OASIS/W3C Web Services specifications and profiles (which are at an advanced state too). It is also implemented widely. As such and according to GFD.59 it would still qualify the profile for recommended profile status. I think WS-Policy statements/Assertions should be within the scope of any new specification or profile not just BP. This is because as policy engines are becoming widespread, the meaning of a service description goes beyong WSDL but includes policy documents too. May be this is the right time for the OGSA-WG to look into the potential uses of WS-Policy for its domain specific requirements and capabilities (e.g. Operational and deployment characteristics, QOS, ...). Cheers Abdeslem //////// -----Original Message----- From: Andreas Savva [mailto:andreas.savva@jp.fujitsu.com] Sent: Wednesday, December 06, 2006 2:23 AM To: Djaoui, A (Abdeslem) Cc: Takuya Mori; ogsa-wg@ogf.org Subject: Re: [ogsa-wg] [update] OGSA Security Profile 1.0 - Secure Channel Abdeslem, Though WS-Policy is making its way through the standards process it is a bit too early to make any statements about it in this profile. (It would probably make the type of profile go down to informational if we did---according to GFD.59.) Also I think it is too late in the process for this document to include substantially new content. This final call is for re-submission to the Editor for publication; not for public comment. Finally the statements that I think you are after do not seem specific to this profile. They would presumably be more useful in a more basic OGSA profile, perhaps a future version of the OGSA (WSRF) BP or some similar basic profile. Just my 2 yen. -- Andreas Djaoui, A (Abdeslem) wrote:
Takuya,
I think a short section on WS-Policy needs to be added before publishing (Sorry for bring this at this late time but I am just catching up with GGF work after a long distraction). This is to allow a service to advertise if it supports and/or requires the use of the profile.
Let me know if it isn't too late.
Abdeslem DJAOUI /////////////////////
-----Or From: ogsa-wg-bounces@ogf.org [mailto:ogsa-wg-bounces@ogf.org]On Behalf Of Takuya Mori Sent: Tuesday, December 05, 2006 11:07 AM To: ogsa-wg@ogf.org Subject: [ogsa-wg] [update] OGSA Security Profile 1.0 - Secure Channel
Dear All,
I have updated the SP - SC document as we discussed in the Nov 27 conference call, and I think it's ready for FINAL CALL.
Please have a look through the document. Any comments are welcomed.
The updated version of the profile is available on GridForge. OGSA Security Profile 1.0 - Secure Channel: https://forge.gridforum.org/sf/docman/do/downloadDocument/projects.ogsa-wg/d...
Changes: - accepted all the change trackers - updated the acknowledgement section - updated the extensibility points since those of the extended profile had been updated - added a sentence on the extensibility points E009 and E011 - updated Table 6 - a number of changes, mainly gramatical errors
Best regards, Takuya
---- Takuya Mori moritaku@bx.jp.nec.com / tk-mori@isd.nec.co.jp System Platform Software Development Division NEC Corporation, Tokyo Japan -- ogsa-wg mailing list ogsa-wg@ogf.org http://www.ogf.org/mailman/listinfo/ogsa-wg -- ogsa-wg mailing list ogsa-wg@ogf.org http://www.ogf.org/mailman/listinfo/ogsa-wg
-- Andreas Savva Fujitsu Laboratories Ltd
Abdeslem, I believe there is already an action on a few people within the group to look into ws-policy and report back. (This is in a slightly different context though.) This security profile really has to get published; it's been cooking for too long. Thanks Andreas Djaoui, A (Abdeslem) wrote:
OK Andreas I didn't realise this is the final re-submission to the Editor. I agree it is too late for major edits.
However WS-Policy has reached last call working draft status and it is used by all current OASIS/W3C Web Services specifications and profiles (which are at an advanced state too). It is also implemented widely. As such and according to GFD.59 it would still qualify the profile for recommended profile status.
I think WS-Policy statements/Assertions should be within the scope of any new specification or profile not just BP. This is because as policy engines are becoming widespread, the meaning of a service description goes beyong WSDL but includes policy documents too.
May be this is the right time for the OGSA-WG to look into the potential uses of WS-Policy for its domain specific requirements and capabilities (e.g. Operational and deployment characteristics, QOS, ...).
Cheers
Abdeslem ////////
-----Original Message----- From: Andreas Savva [mailto:andreas.savva@jp.fujitsu.com] Sent: Wednesday, December 06, 2006 2:23 AM To: Djaoui, A (Abdeslem) Cc: Takuya Mori; ogsa-wg@ogf.org Subject: Re: [ogsa-wg] [update] OGSA Security Profile 1.0 - Secure Channel
Abdeslem,
Though WS-Policy is making its way through the standards process it is a bit too early to make any statements about it in this profile. (It would probably make the type of profile go down to informational if we did---according to GFD.59.)
Also I think it is too late in the process for this document to include substantially new content. This final call is for re-submission to the Editor for publication; not for public comment.
Finally the statements that I think you are after do not seem specific to this profile. They would presumably be more useful in a more basic OGSA profile, perhaps a future version of the OGSA (WSRF) BP or some similar basic profile.
Just my 2 yen. -- Andreas
Djaoui, A (Abdeslem) wrote:
Takuya,
I think a short section on WS-Policy needs to be added before publishing (Sorry for bring this at this late time but I am just catching up with GGF work after a long distraction). This is to allow a service to advertise if it supports and/or requires the use of the profile.
Let me know if it isn't too late.
Abdeslem DJAOUI /////////////////////
-----Or From: ogsa-wg-bounces@ogf.org [mailto:ogsa-wg-bounces@ogf.org]On Behalf Of Takuya Mori Sent: Tuesday, December 05, 2006 11:07 AM To: ogsa-wg@ogf.org Subject: [ogsa-wg] [update] OGSA Security Profile 1.0 - Secure Channel
Dear All,
I have updated the SP - SC document as we discussed in the Nov 27 conference call, and I think it's ready for FINAL CALL.
Please have a look through the document. Any comments are welcomed.
The updated version of the profile is available on GridForge. OGSA Security Profile 1.0 - Secure Channel: https://forge.gridforum.org/sf/docman/do/downloadDocument/projects.ogsa-wg/d...
Changes: - accepted all the change trackers - updated the acknowledgement section - updated the extensibility points since those of the extended profile had been updated - added a sentence on the extensibility points E009 and E011 - updated Table 6 - a number of changes, mainly gramatical errors
Best regards, Takuya
---- Takuya Mori moritaku@bx.jp.nec.com / tk-mori@isd.nec.co.jp System Platform Software Development Division NEC Corporation, Tokyo Japan -- ogsa-wg mailing list ogsa-wg@ogf.org http://www.ogf.org/mailman/listinfo/ogsa-wg -- ogsa-wg mailing list ogsa-wg@ogf.org http://www.ogf.org/mailman/listinfo/ogsa-wg
Hi Abdeslem and Andreas, Let's evaluate WS-Policy separate from BP. I guess OGSA can use this for future development. Thanks, ---- Hiro Kishimoto Andreas Savva wrote:
Abdeslem,
I believe there is already an action on a few people within the group to look into ws-policy and report back. (This is in a slightly different context though.)
This security profile really has to get published; it's been cooking for too long.
Thanks Andreas
Djaoui, A (Abdeslem) wrote:
OK Andreas I didn't realise this is the final re-submission to the Editor. I agree it is too late for major edits.
However WS-Policy has reached last call working draft status and it is used by all current OASIS/W3C Web Services specifications and profiles (which are at an advanced state too). It is also implemented widely. As such and according to GFD.59 it would still qualify the profile for recommended profile status.
I think WS-Policy statements/Assertions should be within the scope of any new specification or profile not just BP. This is because as policy engines are becoming widespread, the meaning of a service description goes beyong WSDL but includes policy documents too.
May be this is the right time for the OGSA-WG to look into the potential uses of WS-Policy for its domain specific requirements and capabilities (e.g. Operational and deployment characteristics, QOS, ...).
Cheers
Abdeslem ////////
-----Original Message----- From: Andreas Savva [mailto:andreas.savva@jp.fujitsu.com] Sent: Wednesday, December 06, 2006 2:23 AM To: Djaoui, A (Abdeslem) Cc: Takuya Mori; ogsa-wg@ogf.org Subject: Re: [ogsa-wg] [update] OGSA Security Profile 1.0 - Secure Channel
Abdeslem,
Though WS-Policy is making its way through the standards process it is a bit too early to make any statements about it in this profile. (It would probably make the type of profile go down to informational if we did---according to GFD.59.)
Also I think it is too late in the process for this document to include substantially new content. This final call is for re-submission to the Editor for publication; not for public comment.
Finally the statements that I think you are after do not seem specific to this profile. They would presumably be more useful in a more basic OGSA profile, perhaps a future version of the OGSA (WSRF) BP or some similar basic profile.
Just my 2 yen. -- Andreas
Djaoui, A (Abdeslem) wrote:
Takuya,
I think a short section on WS-Policy needs to be added before publishing (Sorry for bring this at this late time but I am just catching up with GGF work after a long distraction). This is to allow a service to advertise if it supports and/or requires the use of the profile.
Let me know if it isn't too late.
Abdeslem DJAOUI /////////////////////
-----Or From: ogsa-wg-bounces@ogf.org [mailto:ogsa-wg-bounces@ogf.org]On Behalf Of Takuya Mori Sent: Tuesday, December 05, 2006 11:07 AM To: ogsa-wg@ogf.org Subject: [ogsa-wg] [update] OGSA Security Profile 1.0 - Secure Channel
Dear All,
I have updated the SP - SC document as we discussed in the Nov 27 conference call, and I think it's ready for FINAL CALL.
Please have a look through the document. Any comments are welcomed.
The updated version of the profile is available on GridForge. OGSA Security Profile 1.0 - Secure Channel: https://forge.gridforum.org/sf/docman/do/downloadDocument/projects.ogsa-wg/d...
Changes: - accepted all the change trackers - updated the acknowledgement section - updated the extensibility points since those of the extended profile had been updated - added a sentence on the extensibility points E009 and E011 - updated Table 6 - a number of changes, mainly gramatical errors
Best regards, Takuya
---- Takuya Mori moritaku@bx.jp.nec.com / tk-mori@isd.nec.co.jp System Platform Software Development Division NEC Corporation, Tokyo Japan -- ogsa-wg mailing list ogsa-wg@ogf.org http://www.ogf.org/mailman/listinfo/ogsa-wg -- ogsa-wg mailing list ogsa-wg@ogf.org http://www.ogf.org/mailman/listinfo/ogsa-wg
-- ogsa-wg mailing list ogsa-wg@ogf.org http://www.ogf.org/mailman/listinfo/ogsa-wg
Hi Hiro Is it possible to schedule a discussion at OG19 (of the F2F if there is one). I will try and come along. Abdeslem -----Original Message----- From: Hiro Kishimoto [mailto:hiro.kishimoto@jp.fujitsu.com] Sent: Wednesday, December 06, 2006 2:12 PM To: Andreas Savva Cc: Djaoui, A (Abdeslem); ogsa-wg@ogf.org Subject: Re: [ogsa-wg] [update] OGSA Security Profile 1.0 - Secure Channel Hi Abdeslem and Andreas, Let's evaluate WS-Policy separate from BP. I guess OGSA can use this for future development. Thanks, ---- Hiro Kishimoto Andreas Savva wrote:
Abdeslem,
I believe there is already an action on a few people within the group to look into ws-policy and report back. (This is in a slightly different context though.)
This security profile really has to get published; it's been cooking for too long.
Thanks Andreas
Djaoui, A (Abdeslem) wrote:
OK Andreas I didn't realise this is the final re-submission to the Editor. I agree it is too late for major edits.
However WS-Policy has reached last call working draft status and it is used by all current OASIS/W3C Web Services specifications and profiles (which are at an advanced state too). It is also implemented widely. As such and according to GFD.59 it would still qualify the profile for recommended profile status.
I think WS-Policy statements/Assertions should be within the scope of any new specification or profile not just BP. This is because as policy engines are becoming widespread, the meaning of a service description goes beyong WSDL but includes policy documents too.
May be this is the right time for the OGSA-WG to look into the potential uses of WS-Policy for its domain specific requirements and capabilities (e.g. Operational and deployment characteristics, QOS, ...).
Cheers
Abdeslem ////////
-----Original Message----- From: Andreas Savva [mailto:andreas.savva@jp.fujitsu.com] Sent: Wednesday, December 06, 2006 2:23 AM To: Djaoui, A (Abdeslem) Cc: Takuya Mori; ogsa-wg@ogf.org Subject: Re: [ogsa-wg] [update] OGSA Security Profile 1.0 - Secure Channel
Abdeslem,
Though WS-Policy is making its way through the standards process it is a bit too early to make any statements about it in this profile. (It would probably make the type of profile go down to informational if we did---according to GFD.59.)
Also I think it is too late in the process for this document to include substantially new content. This final call is for re-submission to the Editor for publication; not for public comment.
Finally the statements that I think you are after do not seem specific to this profile. They would presumably be more useful in a more basic OGSA profile, perhaps a future version of the OGSA (WSRF) BP or some similar basic profile.
Just my 2 yen. -- Andreas
Djaoui, A (Abdeslem) wrote:
Takuya,
I think a short section on WS-Policy needs to be added before publishing (Sorry for bring this at this late time but I am just catching up with GGF work after a long distraction). This is to allow a service to advertise if it supports and/or requires the use of the profile.
Let me know if it isn't too late.
Abdeslem DJAOUI /////////////////////
-----Or From: ogsa-wg-bounces@ogf.org [mailto:ogsa-wg-bounces@ogf.org]On Behalf Of Takuya Mori Sent: Tuesday, December 05, 2006 11:07 AM To: ogsa-wg@ogf.org Subject: [ogsa-wg] [update] OGSA Security Profile 1.0 - Secure Channel
Dear All,
I have updated the SP - SC document as we discussed in the Nov 27 conference call, and I think it's ready for FINAL CALL.
Please have a look through the document. Any comments are welcomed.
The updated version of the profile is available on GridForge. OGSA Security Profile 1.0 - Secure Channel: https://forge.gridforum.org/sf/docman/do/downloadDocument/projects.ogsa-wg/d...
Changes: - accepted all the change trackers - updated the acknowledgement section - updated the extensibility points since those of the extended profile had been updated - added a sentence on the extensibility points E009 and E011 - updated Table 6 - a number of changes, mainly gramatical errors
Best regards, Takuya
---- Takuya Mori moritaku@bx.jp.nec.com / tk-mori@isd.nec.co.jp System Platform Software Development Division NEC Corporation, Tokyo Japan -- ogsa-wg mailing list ogsa-wg@ogf.org http://www.ogf.org/mailman/listinfo/ogsa-wg -- ogsa-wg mailing list ogsa-wg@ogf.org http://www.ogf.org/mailman/listinfo/ogsa-wg
-- ogsa-wg mailing list ogsa-wg@ogf.org http://www.ogf.org/mailman/listinfo/ogsa-wg
Hi Abdeslem, Given WS-Policy came up during our XQuery discussion, (see meeting minutes at https://forge.gridforum.org/sf/go/doc14033) we can discuss it at the "information/data model session" at OGF19. In addition to OGF19, if Tom Maguire and Ellen Stokes become ready, we could have discussion at OGSA-WG telecon either on December 14 (Thur) or January 11 (Thur). Tom and Ellen: What do you think? Thanks, ---- Hiro Kishimoto Djaoui, A (Abdeslem) wrote:
Hi Hiro
Is it possible to schedule a discussion at OG19 (of the F2F if there is one). I will try and come along.
Abdeslem
-----Original Message----- From: Hiro Kishimoto [mailto:hiro.kishimoto@jp.fujitsu.com] Sent: Wednesday, December 06, 2006 2:12 PM To: Andreas Savva Cc: Djaoui, A (Abdeslem); ogsa-wg@ogf.org Subject: Re: [ogsa-wg] [update] OGSA Security Profile 1.0 - Secure Channel
Hi Abdeslem and Andreas,
Let's evaluate WS-Policy separate from BP. I guess OGSA can use this for future development.
Thanks, ---- Hiro Kishimoto
Andreas Savva wrote:
Abdeslem,
I believe there is already an action on a few people within the group to look into ws-policy and report back. (This is in a slightly different context though.)
This security profile really has to get published; it's been cooking for too long.
Thanks Andreas
Djaoui, A (Abdeslem) wrote:
OK Andreas I didn't realise this is the final re-submission to the Editor. I agree it is too late for major edits.
However WS-Policy has reached last call working draft status and it is used by all current OASIS/W3C Web Services specifications and profiles (which are at an advanced state too). It is also implemented widely. As such and according to GFD.59 it would still qualify the profile for recommended profile status.
I think WS-Policy statements/Assertions should be within the scope of any new specification or profile not just BP. This is because as policy engines are becoming widespread, the meaning of a service description goes beyong WSDL but includes policy documents too.
May be this is the right time for the OGSA-WG to look into the potential uses of WS-Policy for its domain specific requirements and capabilities (e.g. Operational and deployment characteristics, QOS, ...).
Cheers
Abdeslem ////////
-----Original Message----- From: Andreas Savva [mailto:andreas.savva@jp.fujitsu.com] Sent: Wednesday, December 06, 2006 2:23 AM To: Djaoui, A (Abdeslem) Cc: Takuya Mori; ogsa-wg@ogf.org Subject: Re: [ogsa-wg] [update] OGSA Security Profile 1.0 - Secure Channel
Abdeslem,
Though WS-Policy is making its way through the standards process it is a bit too early to make any statements about it in this profile. (It would probably make the type of profile go down to informational if we did---according to GFD.59.)
Also I think it is too late in the process for this document to include substantially new content. This final call is for re-submission to the Editor for publication; not for public comment.
Finally the statements that I think you are after do not seem specific to this profile. They would presumably be more useful in a more basic OGSA profile, perhaps a future version of the OGSA (WSRF) BP or some similar basic profile.
Just my 2 yen. -- Andreas
Djaoui, A (Abdeslem) wrote:
Takuya,
I think a short section on WS-Policy needs to be added before publishing (Sorry for bring this at this late time but I am just catching up with GGF work after a long distraction). This is to allow a service to advertise if it supports and/or requires the use of the profile.
Let me know if it isn't too late.
Abdeslem DJAOUI /////////////////////
-----Or From: ogsa-wg-bounces@ogf.org [mailto:ogsa-wg-bounces@ogf.org]On Behalf Of Takuya Mori Sent: Tuesday, December 05, 2006 11:07 AM To: ogsa-wg@ogf.org Subject: [ogsa-wg] [update] OGSA Security Profile 1.0 - Secure Channel
Dear All,
I have updated the SP - SC document as we discussed in the Nov 27 conference call, and I think it's ready for FINAL CALL.
Please have a look through the document. Any comments are welcomed.
The updated version of the profile is available on GridForge. OGSA Security Profile 1.0 - Secure Channel: https://forge.gridforum.org/sf/docman/do/downloadDocument/projects.ogsa-wg/d...
Changes: - accepted all the change trackers - updated the acknowledgement section - updated the extensibility points since those of the extended profile had been updated - added a sentence on the extensibility points E009 and E011 - updated Table 6 - a number of changes, mainly gramatical errors
Best regards, Takuya
---- Takuya Mori moritaku@bx.jp.nec.com / tk-mori@isd.nec.co.jp System Platform Software Development Division NEC Corporation, Tokyo Japan -- ogsa-wg mailing list ogsa-wg@ogf.org http://www.ogf.org/mailman/listinfo/ogsa-wg -- ogsa-wg mailing list ogsa-wg@ogf.org http://www.ogf.org/mailman/listinfo/ogsa-wg
-- ogsa-wg mailing list ogsa-wg@ogf.org http://www.ogf.org/mailman/listinfo/ogsa-wg
The text that is new in Section 3 has the same problem that Von Welch (correctly) identified with the previous version: The document references the "Basic-Security-Profile" in section 3.2.1. I was confused at first as to whether this was the OGSA BSP or the WS-I BSP. I suggest this usage include the full title of the document being referenced. Here's one example of the text that needs to be clarified: " Note that while section 4.2 of the Basic Security Profile 1.0 mandates, recommends, and discourages support for certain ciphersuites, the Basic Security Profile 1.0 does not prohibit use of any specific ciphersuite. While section 3.3, 3.4 and 3.5 of the Profile prohibits certain ciphersuites, the Profile does not prohibit use of any specific ciphersuite other than those." Instead of writing "Basic Security Profile 1.0", can't you write "WS-I Basic Security Profile 1.0"? And instead of "Profile", can't you write "OGSA Security Profile 1.0 - Secure Channel"? (If indeed this is what you mean). And please change it in ALL places in the text, not just this single line. More broadly, I'm not sure what makes THIS one (the "secure channel") *NOT* a "BASIC Profile", while "core" is a "BASIC" profile. They're both optional to OGSA services, so arguably "BASIC" should be removed from the title of "core" as well. Stated differently, I question the logic of referring to something that addresses the fringe concept of "key information binding to an endpoint reference" as "BASIC" and referring to something that essentially just talks about TLS/SSL as apparently *NOT* "BASIC". -- Marty -----Original Message----- From: ogsa-wg-bounces@ogf.org [mailto:ogsa-wg-bounces@ogf.org] On Behalf Of Takuya Mori Sent: Tuesday, December 05, 2006 6:07 AM To: ogsa-wg@ogf.org Subject: [ogsa-wg] [update] OGSA Security Profile 1.0 - Secure Channel Dear All, I have updated the SP - SC document as we discussed in the Nov 27 conference call, and I think it's ready for FINAL CALL. Please have a look through the document. Any comments are welcomed. The updated version of the profile is available on GridForge. OGSA Security Profile 1.0 - Secure Channel: https://forge.gridforum.org/sf/docman/do/downloadDocument/projects.ogsa-wg/d ocman.root.working_drafts.security_profile_1_0/doc13560/23 Changes: - accepted all the change trackers - updated the acknowledgement section - updated the extensibility points since those of the extended profile had been updated - added a sentence on the extensibility points E009 and E011 - updated Table 6 - a number of changes, mainly gramatical errors Best regards, Takuya ---- Takuya Mori moritaku@bx.jp.nec.com / tk-mori@isd.nec.co.jp System Platform Software Development Division NEC Corporation, Tokyo Japan -- ogsa-wg mailing list ogsa-wg@ogf.org http://www.ogf.org/mailman/listinfo/ogsa-wg
Thanks Marty for your comments.
The text that is new in Section 3 has the same problem that Von Welch (correctly) identified with the previous version:
The document references the "Basic-Security-Profile" in section 3.2.1. I was confused at first as to whether this was the OGSA BSP or the WS-I BSP. I suggest this usage include the full title of the document being referenced.
Instead of writing "Basic Security Profile 1.0", can't you write "WS-I Basic Security Profile 1.0"? And instead of "Profile", can't you write "OGSA Security Profile 1.0 - Secure Channel"? (If indeed this is what you mean). And please change it in ALL places in the text, not just this single
Yes, there were some editorial typos in the version 24. Actually, we defined the term "the Profile" and "Basic-Security-Profile" in section 1 (page 1, line 65) and section 1.3 (page 4, line 129). And section 3.2.1 refers the later adequately but section 3 on page 5 does not refer this defined special term (thus I've fixed these in new version). line. Given that we have the above defined terms. We use terms "Basic-Security-Profile" and "the Profile" consistently through this specification. I believe I've fixed these problem in version 25.
More broadly, I'm not sure what makes THIS one (the "secure channel") *NOT*a "BASIC Profile", while "core" is a "BASIC" profile. They're both optional to OGSA services, so arguably "BASIC" should be removed from the title of "core" as well. Stated differently, I question the logic of referring to something that addresses the fringe concept of "key information binding to an endpoint reference" as "BASIC" and referring to something that essentially just talks about TLS/SSL as apparently *NOT* "BASIC".
Secure channel covers transport level security only and does not cover message level security (as explained in page 3, line 101-104). On the other hand, Core profile "Key Information Binding to Endpoint Reference" covers both TLS and MLS. This is the reason we think only "core profile" should be OGSA basic security profile. I've upload revised version (v25) of secure channel profile into GridForge. I want to submit this version to the OGF editor before OGF19. - https://forge.gridforum.org/sf/go/doc13560 Again, thank you very much. Your feedback is very helpful. If you have any farther comments, please let us know. ---- Hiro Kishimoto Marty Humphrey wrote:
The text that is new in Section 3 has the same problem that Von Welch (correctly) identified with the previous version:
The document references the "Basic-Security-Profile" in section 3.2.1. I was confused at first as to whether this was the OGSA BSP or the WS-I BSP. I suggest this usage include the full title of the document being referenced.
Here's one example of the text that needs to be clarified:
" Note that while section 4.2 of the Basic Security Profile 1.0 mandates, recommends, and discourages support for certain ciphersuites, the Basic Security Profile 1.0 does not prohibit use of any specific ciphersuite. While section 3.3, 3.4 and 3.5 of the Profile prohibits certain ciphersuites, the Profile does not prohibit use of any specific ciphersuite other than those."
Instead of writing "Basic Security Profile 1.0", can't you write "WS-I Basic Security Profile 1.0"? And instead of "Profile", can't you write "OGSA Security Profile 1.0 - Secure Channel"? (If indeed this is what you mean). And please change it in ALL places in the text, not just this single line.
More broadly, I'm not sure what makes THIS one (the "secure channel") *NOT* a "BASIC Profile", while "core" is a "BASIC" profile. They're both optional to OGSA services, so arguably "BASIC" should be removed from the title of "core" as well. Stated differently, I question the logic of referring to something that addresses the fringe concept of "key information binding to an endpoint reference" as "BASIC" and referring to something that essentially just talks about TLS/SSL as apparently *NOT* "BASIC".
-- Marty
-----Original Message----- From: ogsa-wg-bounces@ogf.org [mailto:ogsa-wg-bounces@ogf.org] On Behalf Of Takuya Mori Sent: Tuesday, December 05, 2006 6:07 AM To: ogsa-wg@ogf.org Subject: [ogsa-wg] [update] OGSA Security Profile 1.0 - Secure Channel
Dear All,
I have updated the SP - SC document as we discussed in the Nov 27 conference call, and I think it's ready for FINAL CALL.
Please have a look through the document. Any comments are welcomed.
The updated version of the profile is available on GridForge. OGSA Security Profile 1.0 - Secure Channel: https://forge.gridforum.org/sf/docman/do/downloadDocument/projects.ogsa-wg/d ocman.root.working_drafts.security_profile_1_0/doc13560/23
Changes: - accepted all the change trackers - updated the acknowledgement section - updated the extensibility points since those of the extended profile had been updated - added a sentence on the extensibility points E009 and E011 - updated Table 6 - a number of changes, mainly gramatical errors
Best regards, Takuya
---- Takuya Mori moritaku@bx.jp.nec.com / tk-mori@isd.nec.co.jp System Platform Software Development Division NEC Corporation, Tokyo Japan -- ogsa-wg mailing list ogsa-wg@ogf.org http://www.ogf.org/mailman/listinfo/ogsa-wg
-- ogsa-wg mailing list ogsa-wg@ogf.org http://www.ogf.org/mailman/listinfo/ogsa-wg
participants (5)
-
Andreas Savva -
Djaoui, A (Abdeslem) -
Hiro Kishimoto -
Marty Humphrey -
Takuya Mori