
Comments: BOF at GGF 19 can be used to set deliverables and provide detailed milestones for this work group. Leadership and charter should be reviewed by new Security Area Directors.
http://www.ggf.org/gf/group_info/charter.php?review&group=OGSA-AuthN-WG
Alan Sill
TIGRE Senior Scientist
High Performance Computing Center
TTU
====================================================================
: Alan Sill, Texas Tech University Office: Admin 233, MS 4-1167 :
: e-mail: Alan.Sill@ttu.edu ph. 806-742-4350 fax 806-742-4358 :
====================================================================

Thanks Alan,
I agree to have a charter BoF at OGF19 in order to complete WG creation. Thus I prefer to bring a draft charter including concrete deliverables and detailed milestones (and use the BoF session to adjust or improve them).
The following are my thoughts off the top of my head.
1) Review existing security profiles resulting from previous efforts of the Security area and security design group from the OGSA-WG effort
a) Compare them to existing technology and best practices in the community and check for consistency of coverage
b) Document authentication profiles that may be missing or incomplete
c) Review mature and maturing technologies likely to affect the above best practices for grid services
The above topics will end up in the "OGSA AuthN Community Practice document (GFD-C)."
2) Provide an AuthN development roadmap to compare with the overall OGSA roadmap
This should also include the OGSA Authentication architecture and will be an informational document (GFD-I).
3) Spawn any subgroups and/or suggest associated research groups that may be necessary for consistent development in this area.
Since it is not an output document, it may be optional or a part of the exit strategy.
Since this is a working group, you also need to answer the following 7 questions.
--------------------------------------------------------------------
The Seven Questions
1. Is the scope of the proposed group sufficiently focused?
2. Are the topics that the group plans to address clear and relevant for the Grid research, development, industrial, implementation, and/or application user community?
3. Will the formation of the group foster (consensus–based) work that would not be done otherwise?
4. Do the group’s activities overlap inappropriately with those of another OGF group or to a group active in another organization such as IETF or W3C? Has the relationship, if any, to the Open Grid Services Architecture (OGSA) been determined?
5. Are there sufficient interest and expertise in the group’s topic, with at least several people willing to expend the effort that is likely to produce significant results over time?
6. Does a base of interested consumers (e.g., application developers, Grid system implementers, industry partners, end-users) appear to exist for the planned work?
7. Does the OGF have a reasonable role to play in the determination of the technology?
Thanks,
----
Hiro Kishimoto

Thank you, Hiro, for these helpful comments and this very useful guidance in the process. Should I (and others interested in this topic) work with the new Security ADs on the answers to these questions now, or use the BoF to do so (or some hybrid)?
Thanks,
Alan

Alan Sill wrote:
Should I (and others interested in this topic) work with the new Security ADs on the answers to these questions now, or use the BoF to do so (or some hybrid)?
When I've done this sort of thing in the past, we worked on getting answers to all of them ready for the BoF, and discussed them at the BoF to see whether people other than the prospective chairs agreed. Like that you're not turning up with a blank piece of paper (not a good way to get things done!) and yet you're still in a position to take input from the community.
If it worked for us, it'll probably work for you too.
Donal.

Sounds perfect. Thanks.
On Oct 24, 2006, at 9:50 AM, Donal K. Fellows wrote:
When I've done this sort of thing in the past, we worked on getting answers to all of them ready for the BoF, and discussed them at the BoF to see whether people other than the prospective chairs agreed. Like that you're not turning up with a blank piece of paper (not a good way to get things done!) and yet you're still in a position to take input from the community.
If it worked for us, it'll probably work for you too.
Alan Sill

Alan, Hiro:
I agree with the approach you're taking. Having a draft charter in advance of the BOF is probably the best way to build interest and focus the discussion. As Hiro notes, you should follow the charter format in GFD-C.3 including the 7 questions. Though you may not be able to complete all the info until after the BOF.
I have a few thoughts you may want to consider:
1. The identified deliverables are both very research oriented. The implication is that this work is necessary for you to determine what, if any, standards work might be required in this area. If that's the case, then should this initial effort be done in an RG rather than a WG?
2. I think you should add a list of the key documents that will guide the work under #1 below. It seems critically important to establish the OGSA authentication requirements and the highest priority use cases/scenarios. If you feel this has been adequately addressed, then the appropriate doc(s) should be referenced. If not, then writing such a doc should be part of this deliverable. It's pretty hard to decide what authZ profile may be missing or incomplete without that.
3. I would agree that #3 below is more of an exit criteria. If this work is successful, I would expect to see a new charter to develop one or more recommendations.
Regards,
Blair Dillaway
-----Original Message-----
From: Hiro Kishimoto [mailto:hiro.kishimoto@jp.fujitsu.com]
Sent: Monday, October 23, 2006 7:29 PM
To: Alan Sill
Cc: ogsa-wg WG; David Groep; Blair Dillaway
Subject: Re: URL for OGSA-AuthN-WG charter (URL for OGSA-WG charter)
Thanks Alan,
I agree to have charter BoF at OGF19 in order to complete WG creation. Thus I prefer to bring draft charter including concrete deliverables and detailed milestones (and use BoF session to adjust or improve them).
The following is my thoughts off the top of my head.
1) Review existing security profiles resulting from previous efforts of the Security area and security design group from the OGSA-WG effort
a) Compare them to existing technology and best practices in the community and check for consistency of coverage
b) Document authentication profiles that may be missing or incomplete
c) Review mature and maturing technologies likely to affect the above best practices for grid services
The above topics will end up to "OGSA AuthN Community Practice document (GFD-C)."
2) Provide an AuthN development roadmap to compare with the overall OGSA roadmap
This should also include OGSA Authentication architecture and will be informational document (GFD-I).
3) Spawn any subgroups and/or suggest associated research groups that may be necessary for consistent development in this area.
Since it is not output document. It may be optional or a part of exit strategy.
Since this is working group, you also need to answer the following 7 questions.
-------------------------------------------------------------------- The Seven Questions
1. Is the scope of the proposed group sufficiently focused?
2. Are the topics that the group plans to address clear and relevant for the Grid research, development, industrial, implementation, and/or application user community?
3. Will the formation of the group foster (consensus-based) work that would not be done otherwise?
4. Do the group's activities overlap inappropriately with those of another OGF group or to a group active in another organization such as IETF or W3C? Has the relationship, if any, to the Open Grid Services Architecture (OGSA) been determined?
5. Are there sufficient interest and expertise in the group's topic, with at least several people willing to expend the effort that is likely to produce significant results over time?
6. Does a base of interested consumers (e.g., application developers, Grid system implementers, industry partners, end-users) appear to exist for the planned work?
7. Does the OGF have a reasonable role to play in the determination of the technology?
Thanks, ---- Hiro Kishimoto

On Oct 23, 2006, at 9:29 PM, Hiro Kishimoto wrote:
The Seven Questions
1. Is the scope of the proposed group sufficiently focused?
The scope of the proposed group is strictly limited to authentication technologies for use within grid services architectures. As such, I believe it is sufficiently focused, although the relation to corresponding activities in authorization and in the activities of other work groups is important and clear.
2. Are the topics that the group plans to address clear and relevant for the Grid research, development, industrial, implementation, and/or application user community?
Authentication is a key security step in any chain of grid services usage. Up to now, most grid applications have either used no security (for testing purposes), a limited and often self-signed configuration again mostly for testing purposes, or have had to rely on pure deployment of X.509 technology infrastructures. Some extensive community practice has grown up in the academic community, especially with regard to deployment at and between the large-scale national laboratories and universities on an international basis, and siloed implementations exist within industry, as well as some federal non-laboratory organizations. It is a goal of this work group to document current practice and to extend the standards basis for development of AuthN technologies within all of the above communities. Another significant output will be recommendations for future work in this area, taking into account all relevant technological development in this area. Interoperability will also be an important factor, of course.
3. Will the formation of the group foster (consensus–based) work that would not be done otherwise?
Yes. Several conversations on related technologies have sprung up naturally within segments of the affected communities, as described above. The existence of an OGSA AuthN work group would allow concentration and coordination of these conversations and recommendations in a context that is explicitly connected to the overall OGSA standards effort.
4. Do the group’s activities overlap inappropriately with those of another OGF group or to a group active in another organization such as IETF or W3C? Has the relationship, if any, to the Open Grid Services Architecture (OGSA) been determined?
There is no other effort exclusively devoted to this task within OGSA. Polling of the membership of other groups active in the authentication and authorization areas has resulted in strong support for the idea of a specific OGSA effort. Groups that have been polled include the following:
CA-Ops: Within the current OGF structure, this group is defined as an operations group responsible for Certificate Authority standards and participation. It is the parent body (in a historical sense) of the IGTF described below.
International Grid Trust Federation (IGTF): an independent body comprised of three regional policy management authorities (PMAs) with membership consisting of grid certificate authority providers and (in some cases) relying parties with an interest in the operational policies and procedures of the CA providers. The primary mechanism of operation of the IGTF is through the development and common accreditation of CAs against specific, detailed CP/CPS statements within the context of Authentication Profiles (APs); APs exist for "classic PKI" deployments as well as short-lived credential and experimental services. Within the context of the IGTF PMA charters, interest has been growing in improving the variety and accessibility of grid authentication methods while retaining the ability to work with existing grid deployments with high security.
OGSA-AuthZ: This group is focused on authorization technologies. A variety of useful documents has been successfully produced through various incarnations of this group to date. Its membership is supportive of a corresponding OGSA-AuthN effort.
Shibboleth for Grids BoF: This BoF was held at GGF-18 and its activities are documented at the URL http://grid.ncsa.uiuc.edu/events/ggf18-shib-bof/ for reference. Although focused primarily on authorization, Shibboleth technologies are consumers of authentication information and a great deal of activity is being devoted to understanding the interaction between Shibboleth and the needs of grids. The participants in the BoF mailing list are strongly supportive of an OGSA-AuthN effort.
5. Are there sufficient interest and expertise in the group’s topic, with at least several people willing to expend the effort that is likely to produce significant results over time?
Yes. A significant short-term effort should be exerted to identify authors of the proposed documents and a co-chair in the near future.
6. Does a base of interested consumers (e.g., application developers, Grid system implementers, industry partners, end-users) appear to exist for the planned work?
Yes. The BoF planned for the next OGF meeting should provide opportunities for organization of work in this area.
7. Does the OGF have a reasonable role to play in the determination of the technology?
Yes, as described above. One specific output of the group that would be made possible by the OGF will be production of an OGF document with recommended standards for OGSA-AuthN.
Respectfully submitted,
Alan Sill