"tactical-agreement" (#1321: Key-info discovery for encryption in message level security)

#1321: Discovery of key-info for encryption in message level security
Service Group Profile/ EPR embedding

Use cases:

When a client wants to send any encrypted message to a service, it will have to know the key associated with that service.

When a client wants to make a policy decision whether or not it wants a certain service to serve its request, it has to know the service's key-info.

Considerations:

We have to assume that WS-I or some other organization will get its act together in the future to define a standardized profile for the embedding of the service's key-info in the EPR, and that that profile will then be supported by all vendors world-wide.

Unfortunately, we cannot expect this to happen on any time scale that can accommodate our upcoming releases and Grid deployments in the near future.

In order for our different implementations to talk to each other securely, we have to have agreements in place about where one party will put the key-info such that another party can find it.

So we need to have a solution in place "now", no matter what, and we have to be prepared to change that method to the standardized one once it becomes available. This means that we will have to implement this (at least) twice. But note again that there is no alternative - we have to live with this.

It may be politically better, however, to use words like "tactical-agreement" instead of "standard" for whatever method we choose, in order to emphasize that we are committed to follow whatever comes out of WS-I and friends over time. Hopefully that would make it easier for some of our partner vendors to work on a tactical-agreement without stepping on the toes of their colleagues who work on the concurrent WS-I efforts.

--
Frank Siebenlist franks@mcs.anl.gov
The Globus Alliance - Argonne National Laboratory