
Hi PGI security folks,

currently I see five major elements in terms of security related to PGI:

(1) Authentication/Attribute-based Authorization (i.e. plumbings as named earlier), maybe first push-based before looking at pull-based models - although this, of course, can be discussed as well among us.

(2) Agreement on Definition/Semantics/Structure of Attributes

(3) Encoding of delegation restrictions/constraints

(4) Interface of delegation service (maybe based on a subset of WS-Trust)

(5) Agreement on third-party credentials transportation (e.g. a delegated GridFTP proxy/SAML assertion-based access for data-staging during BES submissions)

As a starting point - have I forgotten something in this enumeration? If so, please answer to this thread.

In terms of priorities, I would suggest to focus first on number one, but of course feel free to comment within this thread.

Your co-chair,
Morris

P.S. I cc'ed the area director of security (David Groep) to ensure that we did not duplicate efforts done elsewhere (i.e. in the OGSA-AuthZ group). We have been in touch about a few security issues raised in GIN earlier. CIAO.

------------------------------------------------------------
Morris Riedel
SW - Engineer
Distributed Systems and Grid Computing Division
Jülich Supercomputing Centre (JSC)
Forschungszentrum Juelich
Wilhelm-Johnen-Str. 1
D - 52425 Juelich
Germany

Email: m.riedel@fz-juelich.de
Info: http://www.fz-juelich.de/jsc/JSCPeople/riedel
Phone: +49 2461 61 - 3651
Fax: +49 2461 61 - 6656
Skype: MorrisRiedel

"We work to better ourselves, and the rest of humanity"

Registered office: Jülich
Registered in the commercial register of the Düren District Court, No. HR B 3498
Chair of the Supervisory Board: MinDirig'in Bärbel Brumme-Bothe
Board of Directors: Prof. Dr. Achim Bachem (Chair), Dr. Ulrich Krafft (Deputy Chair)