
To All,

My previous mail of today shows that the security work of PGI is now stuck in an irreconcilable incompatibility between:
- RFC-3820-compliant X509 certificates and proxies on the one hand,
- GSI-style X509 proxies (which can be delegated) on the other hand.

But there is some hope:

At the last MWSG meeting in Zürich, David GROEP gave a presentation 'AuthZ Interop report', available at http://indico.cern.ch/materialDisplay.py?contribId=22&sessionId=3&materialId=slides&confId=52862

This presentation describes current work, in good progress and begun in 2007, on security interoperability between OSG and EGEE, with the help of the Globus and Condor teams.

This work uses the Common Open Policy Service (COPS) model defined in RFC 2748 at http://tools.ietf.org/html/rfc2748

COPS defines at least the following 2 concepts:
- PDP = Policy Decision Point
- PEP = Policy Enforcement Point

Interoperability is achieved through an AuthZ Interop Profile, based on the SAML v2 profile of XACML v2.

There are production deployments in OSG and EGEE.

So I suggest that, before reinventing the wheel, we study in detail the above-mentioned document, in order to quickly know:
- The problems which they are encountering,
- The solutions which they are finding,
- The interoperable components which they are deploying and which we could reuse,
- ...

Best regards.

----------------------------------
Etienne URBAH
IN2P3 - LAL
Bat 200
91898 ORSAY
France
Tel: +33 1 64 46 84 87
Mob: +33 6 22 30 53 27
Skype: etienne.urbah
mailto:urbah@lal.in2p3.fr
----------------------------------