
Dear all,

I just uploaded to gridforge:
http://forge.gridforum.org/sf/go/doc15549?nav=1
a very early draft for a proposal of a "PGI Transport Level Security profile", which uses X509 proxy certificates + a delegation port-type for authentication and credential delegation.

At the moment the document just states what has already been said during the PGI teleconferences. I hope it will be useful for tomorrow's discussion at OGF, and eventually evolve in the near future into a full specification (which at the moment it is definitely not).

Moreno.

--
Moreno Marzolla
INFN Sezione di Padova, via Marzolo 8, 35131 PADOVA, Italy
EMail: moreno.marzolla@pd.infn.it
Phone: +39 049 8277047
WWW  : http://www.dsi.unive.it/~marzolla
Fax  : +39 049 8756233

For this X.509 proxy delegation profile, is the transport level security (TLS/SSL) assumed? If so, probably the message (SOAP) during the delegation can be regarded as confidential, and then message level security (such as message signature) might not be necessary in this case.

Weizhong Qiang
NorduGrid

On Wed, Mar 4, 2009 at 11:08 PM, Moreno Marzolla <moreno.marzolla@pd.infn.it> wrote:
_______________________________________________ Pgi-wg mailing list Pgi-wg@ogf.org http://www.ogf.org/mailman/listinfo/pgi-wg

Morris, that looks like a great start on a specification/profile for a delegation protocol to be used for acquiring credentials (i.e., X.509 proxy certificates).

Revisiting our earlier telecon in which we discussed "separation of concerns", Andrew and I suggest that we address our (relatively orthogonal) security issues individually, in stages:

1. *Profile the security mechanisms that affect the wire and message format of simple "request" and "request-response" message exchange patterns.* This would entail providing ourselves with "a place to hang our hat on" regarding even simple interoperability issues, such as various aspects of SSL/TLS and SOAP. This step would also include the profiling of secure communication mechanisms that affect simple messages (e.g., required token types, cryptographic actions, protocols, etc.). This is the scope in which we would want to describe our two conformance targets, allowing us to profile technologies like X.509 proxy certificates (and how they may encapsulate X.509 attribute certificates), SAML attribute assertions, and nail down a format in which these two types of attributes can describe aspects of virtual organization membership. Andrew and I have put together a rough sketch at what something like this might look like (*see attached*).

2. *Profile mechanisms for token acquisition, token exchange, key distribution, etc.* This is where your efforts above fit in: the protocols by which endpoints can obtain proxy certificates for delegation. This would also be a place where we can nail down authentication and single-sign-on services (e.g., WS-Trust, VOMS, MyProxy, etc.).

3. *Profile mechanisms for the distribution of endpoint metadata.* This would answer questions such as "*Where do I go to find certain types of resources?*" and "*How can I obtain information that tells me how to interact with a given resource?*". This is where we can nail down aspects of various types of directory and discovery services (e.g., LDAP, RNS, etc.).

4. *Profile mechanisms by which roots-of-trust are brokered amongst communicating parties.* The establishment of trust relationships amongst virtual organization participants is a prerequisite for multi-domain authentication and authorization schemes.

There is one more security-related concern: *Mechanisms for authorization.* Fortunately we have primarily been discussing a "push-style" of credentialing (as opposed to "pull" or "agent" models), which should allow us to treat the decision-making process in which application-layer actions are authorized as being out-of-scope.

I've put together a strawman for (1) above, see attached.

-Duane

On Wed, Mar 4, 2009 at 5:08 PM, Moreno Marzolla <moreno.marzolla@pd.infn.it> wrote: