On Feb 19, 2006, at 1:35 PM, Andre Merzky wrote:
Hi John, I'm afraid that the document does not help too much, for several reasons.
For one, it is describing requirements - so it poses similar questions as SAGA does, but does not provide a answer really.
I think then that my point was not clear. SAGA lacks a clear statement of security requirements. The ACE security document does a good job of enumerating their requirements -- its something ACE did correctly despite the lack of follow-through on the results. It certainly makes conversations with members of the security community more focused when you have a clear statement of requirements laid out for them.
Also, it is very AG-centric - e.g. data management is only mentioned in respect to files shared for an AG session, or for the purpose of immersed visualization etc.
I agree. In fact, I think I said so in my original message.
And finally I am afraid that the ACE group went into hibernate mode - they seem not to have picked up their requirement document, and developed a solution on top of that.
Well, having said that, I think it provides an excellent sanity check for our own security requierements, and should help us to complete what we learned from the use cases In particular the viz use cases we have).
Cheers, Andre.
Quoting [John Shalf] (Feb 19 2006):
Cc: mulmo@pdc.kth.se, skow@mcs.anl.gov From: John Shalf
Subject: Re: [saga-rg] Re: SAGA and Security Date: Sun, 19 Feb 2006 13:22:30 -0800 To: Andre Merzky , SAGA RG I don't know if this will help or hurt the discussion, but has everyone had an opportunity to read the ACE-grid security document? It refers to itself as addressing security for "collaborative environments," but they go through a number of use cases that are very relevant to SAGA. Deb Agarwal and Markus Lorch also contributed an excellent discussion of implementations and scenarios for reasonable security implementations . It may help bring us SAGA members up-to-speed on some aspects of the security model considerations.
http://www.ggf.org/documents/GFD.43.pdf
On Feb 13, 2006, at 12:58 AM, Andre Merzky wrote:
Hi group,
we managed to corner the Security Area ADs at GGF in Athens, and to get some statements from them in respect to:
"What security paradigms are generically available in Grids, and what should be exposed to the end user?"
Well, their answer was basically, that there is no agreed upon approach in the scope of GGF, so, the best we can do is to look at Grid implementations, and abstract/generalize their security paradigms.
A viable approach in their opinion would be to base security settings on strings, and allow the implementation to interpret them accordingly. That approach is very close to what we have right now for sessions, and what we want to have for streams
-- "So much time, so little to do..." -- Garfield