I, for one, am interested in a profile like this. The Kerberos Token Profile seems fine for the authentication step, but one of our main use cases is the forwarding of Kerberos tokens for subsequent use in the environment of jobs and the like, and I don't think the Kerberos Token Profile covers this at all. -- Chris On 02/7/07 14:51, "Blair Dillaway" <blaird@microsoft.com> wrote:

Duane Merrill wrote:

...

A question for the group: Would it be a good idea to also profile a Kerberos message-level binding assertion policy within the

It might be a good idea and provide value to the community. Before we decide, I think we need to get a better sense of how important a new Kerberos interoperability profile is from the people who deploy and/or provide solutions for organizational grids where Kerberos is already present. If you're in one of these categories, your input would be appreciated.

Are there specific grid scenarios where supporting a Kerberos message authentication option is critical? Do you feel the existing OASIS "Web Services Security Kerberos Token Profile v1.1" specification an adequate basis for grid web services interoperability?

Regards, Blair Dillaway

-- ogsa-wg mailing list ogsa-wg@ogf.org http://www.ogf.org/mailman/listinfo/ogsa-wg

Hi Chris and Bill, Thank you very much for your notes. Based on the discussion we've had July 2 call, Andrew is now collecting *real* Kerberos use case. We would very much appreciate if you could give us ones. Draft minutes from July 2nd.

- A question for the group: Would it be a good idea to also profile a Kerberos message-level binding assertion policy within the OGSA-SPSecureSoapMessaging profile? The document currently profiles X.509 and Username Token binding policies, primarily because of their widespread use / ease-of-adoption. Thoughts? o Technically reasonable – potential warning of complications when trying to merge capabilities (scope creep). However suggest that if your service requires Kerberos, then the profile would state how a Kerberos message would be handled. o Consensus: After a SAML discussion, agreed to leave SAML out of express AuthN for now

- Use-case discussion o Use-Case discussions regarding interactions between different Grid systems, having gone through X.509 adoption….might have been happy to just use Kerberos. Depends on domain, as cross-domains can be difficult, in which case X.509 might be better – would like to hear from Enterprise Grids. Which portions of system? Integration is important (flexibility). - Andrew proposes: Proceed along current course while reaching out to communities to determine Kerberos usage and need for inclusion or separate document. o Consensus: Sounds reasonable. (6:33pm).

https://forge.gridforum.org/sf/go/doc14654 Thanks again, ---- Hiro Kishimoto -------- Original Message -------- Subject: Re:[ogsa-wg] Updated Express AuthN Profile docs From: <bill@computer.org> To: 'ogsa-wg' <ogsa-wg@ogf.org> Date: 2007/07/04 2:00

Hi,

I agree -- the real use case for us involves forwarding tokens too.

Best regards,

- bill

-----Original Message----- From: ogsa-wg-bounces@ogf.org [mailto:ogsa-wg-bounces@ogf.org] On Behalf Of Christopher Smith Sent: Tuesday, July 03, 2007 8:58 AM To: Blair Dillaway; Duane Merrill; ogsa-wg Subject: Re: [ogsa-wg] Updated Express AuthN Profile docs

I, for one, am interested in a profile like this. The Kerberos Token Profile seems fine for the authentication step, but one of our main use cases is the forwarding of Kerberos tokens for subsequent use in the environment of jobs and the like, and I don't think the Kerberos Token Profile covers this at all.

-- Chris

On 02/7/07 14:51, "Blair Dillaway" <blaird@microsoft.com> wrote:

...

Duane Merrill wrote:

...

A question for the group: Would it be a good idea to also profile a Kerberos message-level binding assertion policy within the It might be a good idea and provide value to the community. Before we decide, I think we need to get a better sense of how important a new Kerberos interoperability profile is from the people who deploy and/or provide solutions for organizational grids where Kerberos is already present. If you're in one of these categories, your input would be appreciated.

Are there specific grid scenarios where supporting a Kerberos message authentication option is critical? Do you feel the existing OASIS "Web Services Security Kerberos Token Profile v1.1" specification an adequate basis for grid web services interoperability?

Regards, Blair Dillaway

-- ogsa-wg mailing list ogsa-wg@ogf.org http://www.ogf.org/mailman/listinfo/ogsa-wg

-- ogsa-wg mailing list ogsa-wg@ogf.org http://www.ogf.org/mailman/listinfo/ogsa-wg

-- ogsa-wg mailing list ogsa-wg@ogf.org http://www.ogf.org/mailman/listinfo/ogsa-wg

Apologies for multiple copies due to cross postings. Please send to interested colleagues and students CALL FOR PAPERS ------------------------------------------------------------------------- Third International Workshop "Dependability Aspects on Data WArehousing and Mining applications" DAWAM 2008. http://www.ares-conference.eu/conf/ --> Workshops -->DAWAM http://www.ares-conference.eu/conf/index.php?option=com_content&task=view&id =35 ------------------------------------------------------------------------- in conjunction with The Third International Conference on Availability, Reliability and Security - ARES 2008 (http://www.ares-conference.eu/conf/) March 4th – 7th, 2008 Polytechnic University of Catalonia, Barcelona, Spain Overview -------- Nowadays, the rapid growth of information technologies has brought tremendous opportunities for data sharing, integration, and analysis across multiple distributed, heterogeneous data sources. In the past decade, data warehousing and mining are the well-known technologies used for data analysis and knowledge discovery in vast domain of applications. Data mining technology has emerged as a means of identifying patterns and trends from large quantities of data. Data mining has used a data warehousing model of gathering all data into a central site, then running an algorithm against that data. A growing attention has been paid to the study, development and application of data warehousing and mining. Nevertheless, dependability aspects in these applications such as availability, reliability, integrity, privacy, and security issues are still being investigated. For example, in data warehousing applications, privacy considerations may prevent the approach of collecting data into the centralized warehouse because each data source has different privacy policy. Furthermore, the complexity of security increases as different sources of information are combined. Reliable, consistent and trustworthy of information are also significant requirements in data warehousing applications. Data mining has been shown to be beneficial in confronting various types of attacks to computer systems such as fraud detection, intrusion prevention. In some applications, e.g. clinic information system, government management, business competitive information, it is required to apply the mining algorithms without observing the confidential data values thus demands the privacy preservation. There are also many challenging issues that need further investigation in the context of data mining from both privacy and security perspectives such as mining of imbalanced data, bioinformatics data, streaming data, ubiquitous computing data, grid computing data etc. The goals of this workshop are to bring together users, engineers and researchers (from industry and academy) alike to present their recent work, discuss and identify problems, synergize different views of techniques and policies, and brainstorm future research directions on various dependability aspects of data warehousing and data mining applications. We strongly encourage researchers and practitioners with interest in the areas of reliability, availability, privacy and security, databases, data warehousing, data mining, and statistics to submit their experience, and/or research results. Topics related to any of dependability aspects in data warehousing and mining, theory, systems and applications are of interest. These include, but are not limited to the following areas: · Dependability and fault tolerance · High Availability and Disaster Recovery · Survivability of evaluative systems · Reliability and Robustness Issues · Accuracy and reliability of responses · Reliable and Failure Tolerant Business Process Integration · Reliable Event Management and Data Stream Processing · Failure Tolerant and trustworthy Sensor Networks · Highly available data warehouses for business processes integration · Handling different or incompatible formats, and erroneous data · Privacy and security policies and social impact of data mining · Privacy preserving data integration · Access control techniques and secure data models · Encryption & Authentication · Pseudonymization and Encryption · Anonymization and pseudonymization · Trust management, and security · Security in Aggregation and Generalization · User Profile Based Security · Secure multi-party computation · Secondary use of personal data, clinic data, credit record · Fraud and misuse detection · Intrusion detection and tolerance · Data mining applications for terrorist detection · Private queries by a (semi-trusted) third party · Query authentication, logging, auditing, access control and authorization policies The program of the workshop will be a combination of invited talks, paper/poster presentations and discussions. Important Dates --------------- Submission Deadline: November, 16th 2007 Author Notification: December, 17th 2007 Author Registration: December, 31st 2007 Proceedings Version: January, 15th 2007 Conference/Workshop: March 10-13th, 2008 Submission Guidelines --------------------- Authors are invited to submit research and application papers in IEEE Computer Society Proceedings Manuscripts style (two columns, single-spaced, including figures and references, using 10 fonts, and number each page). You can confirm the IEEE Computer Society Proceedings Author Guidelines at the following web page: URL: http://www.ieee.org/portal/cms_docs/pubs/confpubcenter/pdfs/samplems.pdf http://www.icst.org/download/authorskit/ieeetemplate.doc Submission are classified into 2 categories (1) full paper (8 pages) and (2) short paper (5 pages) representing original, previously unpublished work. Submitted papers will be carefully evaluated based on originality, significance, technical soundness, and clarity of exposition. Contact author must provide the following information: paper title, authors' names, affiliations, postal address, phone, fax, and e-mail address of the author(s), about 200-250 word abstract, and about five keywords and register at our ARES website: http://www.ares-conference.eu/conf/ and select DAWAM workshop submission. You can also prepare your paper in PDF file and send it to the workshop co-chair: Prof. Bhavani Thuraisingham, The University of Texas at Dallas, USA (bhavani.thuraisingham@utdallas.edu) or Dr. Nguyen Manh Tho, Institute of Software Technology, Vienna University of Technology, Austria (tho@ifs.tuwien.ac.at) Submission of a paper implies that should the paper be accepted, at least one of the authors will register and present the paper in the conference. Accepted papers will be given guidelines in preparing and submitting the final manuscript(s) together with the notification of acceptance. Publication ----------- All accepted papers (full and short papers) will be published as ISBN proceedings published by IEEE Computer Society. Based on quality and referee reviews, some papers not suitable for acceptance as full paper will be accepted for presentation at DAWAM 2008 as short paper or Poster presentation category and will be also included in the IEEE Proceedings. Like in DAWAM 2007, A selected number of DAWAM 2008 best papers will be nominated to be published as special issues in appropriate journals such as International Journal of Business Intelligence and Data Mining (IJBIDM), Journal of automatic and trusted computing (JoATC). Workshop Organizer Co-chairs ---------------------------- Bhavani Thuraisingham, Prof. Director of the Cyber Security Research Center Erik Jonsson School of Engineering and Computer Science The University of Texas at Dallas, USA bhavani.thuraisingham@utdallas.edu Nguyen Manh Tho, Ph.D. (main contact) Institute of Software Technique and Interactive System, Vienna University of Technology, Favoriten strasse 9-11/188 A1040 Vienna, Austria tho@ifs.tuwien.ac.at Program Committee ----------------- Jemal Abawajy, Deakin University, Australia Mikhail Atallah, Purdue University, USA Davide Balzarotti, University of California, USA Barbara Carminati, University of Insubria at Varese, Italy Pawan Chowdhary, IBM T J Watson Research Center, USA Hervé Debar, France Télécom R&D, France Josep Domingo-Ferrer, Rovira i Virgili University of Tarragona, Spain Ulrich Flegel, SAP Research CEC Karlsruhe, Germany Jimmy Huang, York University, Canada Kwok-Yan Lam, Tsinghua University, China Xue Li, The University of Queensland, Australia Zongwei Luo, University of Hong Kong, China Nasrullah Memon, Aalborg University, Denmark Taneli Mielikäinen, Nokia Research Center Palo Alto, USA Anirban Mondal, University of Tokyo, Japan Tho-Manh Nguyen, Vienna University of Technology, Austria Torsten Priebe, Capgemini Consulting Österreich AG, Austria Raghav Rao, SUNY at Buffalo, USA Yucel Saygin, Sabanci University, Turkey Josef Schiefer, Senactive IT-Dienstleistungs GmbH, Austria Ben Soh, La Trobe University, Australia Toshihiro Tabata, Okayama University, Japan David Taniar, Monash University, Australia Bhavani Thuraisingham, The University of Texas at Dallas, USA Vassilios S. Verykios, University of Thessaly, Greece Duminda Wijesekera, George Mason University, USA Yang Yanjiang, Singapore Management University, Singapore Justin Zhan, Carnegie Mellon University, USA Sheng Zhong, State University of New York at Buffalo, USA