Add to collection(s) Add to saved
  1. No category

Report of GGF16 Meeting Athens 13-15 Feb 2006

advertisement 
Report of GGF16 Meeting Athens 13-15 Feb 2006
As usual, a major benefit from attending GGF meetings is the unprecedented ability to
network with a large group of researchers who are closely involved with similar research
issues to oneself. This meeting was no exception, and the author managed to talk to many
people about forming a Network of Excellence in grid security. Should such a NoE be
formed, this will of course have major benefits to UK e-Science.
OGSA Authz WG
The author co-chaired the WG meeting with Von Welch. The meeting initially discussed
the revised charter that the author had circulated prior to the meeting. A number of
additional issues and deliverables were added to the revised charter, and an updated
version will be distributed to the list by the author in due course. The author then
presented his vision for how authorisation in VOs should evolve from where we are
today, with the additional of an attribute credential validation service (CVS). The
functionality of this module is to ensure that the attribute credentials are valid, prior to
making an authorisation decision, and extract the valid attributes. Invalid credentials will
be discarded. There was wide agreement in the group that this functionality is needed,
and that current PDPs such as XACML expect to receive already validated attributes.
Standardisation of a protocol for talking between the PEP and the CVS is a proposed
deliverable in the revised charter.
Nate Klingenstein from Internet 2 gave a short talk at the end of the meeting about the
problems of authorisation using the attributes from multiple attribute authorities (AAs).
The problem arises because the user is typically known with different identities in each
AA. He suggested two models. The easiest to implement model is where attribute
credentials issued by multiple remote Attribute Authorities (AAs) are validated by the
Identity Provider’s local AA, their signatures are stripped off, and the attributes are
combined with the local ones and transferred to the Service Provider (SP) as one
combined attribute credential. The SP then only needs to validate one credential.
However, this model is weak from a trust perspective, since the local AA is asserting that
a user has attributes which it is not an authoritative source for. The more difficult model
to implement is one in which the SP actually retrieves the attribute credentials from
multiple AAs. How does the SP know the different identities of the user that are used by
each AA?
After the meeting the author thought about this problem, and on the following day wrote
an outline solution to the problem. It is expected that this will be submitted to the
Internet2 consortium for review, and then finalised for presentation at a conference later
this year1.
A paper entitled “Authorisation using Attributes from Multiple Authorities” was subsequently submitted
to WET-ICE 2006, and got the best paper award in the ST workshop.
1
Shibboleth Globus Toolkit BoF
This BOF was chaired by Von Welch, and was split over two days. The first day
comprised 7 presentations from researchers who are working on different aspects of
merging these two technologies together. The author gave a short talk about his
GridShibPERMIS and GT-PERMIS projects. Participants from the University of
Manchester gave a short talk about the SHEBANGS project.
The second day comprised a discussion of the various issues and drawing up a list of
actions that should be undertaken.
This work is of importance to the UK, since JISC is supporting the rollout of Shibboleth
to university computing services, whilst the NGS is based on Globus Toolkit. Clearly the
merging of Shibboleth and GT technologies will be beneficial to UK e-Science.
Security Area Group Meeting
Various presentations were given, the most noteworthy being from Blair Dillaway of
Microsoft who gave his vision of future grid security, and the numerous issues that need
to be addressed before we get there.
GGF Chairs Update
This meeting updated chairs with the new facilities that will soon become available on
GridForge, plus other issues of importance to the GGF e.g. upcoming merger with EGF.
Related documents
10-23-2009 Minutes
10-23-2009 Minutes
Report of GGF 14 Meeting, Chicago, 25-29 June 2005 OGSA-Authz Meeting
Report of GGF 14 Meeting, Chicago, 25-29 June 2005 OGSA-Authz Meeting
OneR algorithm
OneR algorithm
For357/557 Practical Vector GIS ... NAME ON BACK , UPPER RIGHT CORNER
For357/557 Practical Vector GIS ... NAME ON BACK , UPPER RIGHT CORNER
Download
advertisement