Add to collection(s) Add to saved
  1. Social Science
  2. Psychology
  3. Conformity

Report of GGF 14 Meeting, Chicago, 25-29 June 2005 OGSA-Authz Meeting

advertisement 
Report of GGF 14 Meeting, Chicago, 25-29 June 2005
Report prepared by David Chadwick
OGSA-Authz Meeting
This was the first meeting that the author took over as a joint chair with Von Welch.
The status of the current deliverables was briefly discussed – the Attribute document is in
hands of GGF Editor, and the SAML profile document will be at end of WG last call at
end of this week.
Attention is now focussing on the next set of deliverables. David gave a presentation
about authorisation architectures in a multi-domain environment (the slide show is on
Gridforge site at https://forge.gridforum.org/sf/go/doc13703?nav=1). It considered which
components are needed and how the target Source of Authority can remain in control of
the policy for access to its resources. The concept of a Credential Validation Service was
introduced to the group.
Frank Siebenlist gave a similar presentation but from a different viewpoint. This
considered asking remote domains (AAs) if they could help in the credential validation.
Dane raised the issue that if we need to have one network round-trip to each security
service then we have a major performance problem.
There was quite a bit of discussion about the correct way forward. No agreement was
reached, but it was recognised that we needed to constrain the problem space for the next
set of standards, since it will not be possible to standardise everything in the next round.
The meeting then discussed the Charter Revision to cover the next round of
standardisation effort. The first two paragraphs of the existing charter are OK for the
revised WG but the third paragraph onwards needs revising since it talks about a two
phased approach. It is recognised that more than a two phased approach will be needed,
since we are now in phase 2. It was agreed that this WG will be an authorisation
architecture group for OGSA even though its output will be aimed at a wider audience
than simply OGSA. It was also agreed to keep with the OGSA-Authz name for the group.
The tentative set of Output documents were agreed upon:
i)
a Scenario document which can be part of the Architecture document.
ii)
Version 2 of the PEP-PDP protocol document.
iii)
Version 1 of the PEP-CVS protocol
Implications for UK E-Science. We are still in the very early days of standardising a
replacement protocol for the OGSA Authz SAML profile. The latter is known to be
deficient (not least from experiments carried out by Richard Sinnott at Glasgow) but
there is no consensus yet as to what the replacement should be.
Related documents
Report of OGF22 Meeting, Boston, 25-28 Feb 2008 OGSA-Authz Working Group
Report of OGF22 Meeting, Boston, 25-28 Feb 2008 OGSA-Authz Working Group
Web Services and OGSA
Web Services and OGSA
Report of GGF16 Meeting Athens 13-15 Feb 2006
Report of GGF16 Meeting Athens 13-15 Feb 2006
Abstraction Layers • Why do we need them? – Protection against change
Abstraction Layers • Why do we need them? – Protection against change
Data Breakout
Data Breakout
OGSA – Data Access and Integration Services – WP6 15 April 2002
OGSA – Data Access and Integration Services – WP6 15 April 2002
Early Adopters Workshop Web Services Developer's Track Open Grid Services Architecture
Early Adopters Workshop Web Services Developer's Track Open Grid Services Architecture
OGSI Technology Preview Overview The Globus Project™ Argonne National Laboratory
OGSI Technology Preview Overview The Globus Project™ Argonne National Laboratory
Open Grid Services Architecture Framework for Grid Service evolution
Open Grid Services Architecture Framework for Grid Service evolution
Early Adopters Workshop J2EE Design Open Grid Services Architecture
Early Adopters Workshop J2EE Design Open Grid Services Architecture
EU DataGrid and OGSA Intentions and Plans how to use Grid Services
EU DataGrid and OGSA Intentions and Plans how to use Grid Services
GRID Interoperability: Beyond OGSI
GRID Interoperability: Beyond OGSI
The Web Service Discovery Architecture (WSDA) How to Reach Mentioned Objectives?
The Web Service Discovery Architecture (WSDA) How to Reach Mentioned Objectives?
Techniques for Monitoring Large Loosely-coupled Cluster Jobs Brian L. Tierney Dan Gunter
Techniques for Monitoring Large Loosely-coupled Cluster Jobs Brian L. Tierney Dan Gunter
An Authorisation Interface for the GRID Abstract
An Authorisation Interface for the GRID Abstract
Performance of Web Services Security Mechanisms: Analysis and Evaluation Abstract
Performance of Web Services Security Mechanisms: Analysis and Evaluation Abstract
Download
advertisement