FW: [security-wg] OGSA-Auth-WG now formed - telecon and GGF9 schedule

Ivan R. Judson judson at mcs.anl.gov
Tue Aug 26 14:51:18 CDT 2003


We should have one person interface with this group since we've got an
authorization solution in place. We can probably provide useful feedback on
how authorization is used in our system, especially the fact that it's an
"internally exposed" interface -- that is, we modify it on the fly from
within our system. Many systems do not do that.

--Ivan

> -----Original Message-----
> From: owner-security-wg at gridforum.org 
> [mailto:owner-security-wg at gridforum.org] On Behalf Of Von Welch
> Sent: Tuesday, August 26, 2003 1:33 PM
> To: authz-wg at gridforum.org; security-wg at gridforum.org; 
> ogsa-sec-wg at gridforum.org; caops-wg at gridforum.org; 
> sa3-rg at gridforum.org
> Cc: Rebekah Lepro; Andrew McNab
> Subject: [security-wg] OGSA-Auth-WG now formed - telecon and 
> GGF9 schedule
> 
> 
> 
> Folks,
> 
>  We are pleased to announce the OGSA Authorization WG 
> (OGSA-Authz-WG) is now officially formed. Rebekah Lepro, 
> Andrew McNab, and myself are serving as co-chairs. We have a 
> session at GGF9 scheduled and are planning a pair of telecons 
> before GGF9, as described in this note.
> 
>  The final charter appears below. It is what was circulated 
> on the ogsa-sec-wg list a while back, but trimmed to just one 
> phrase of documents to be produced in the next year. Andrew 
> is looking into a web page and email list now for the new 
> group, a similar announcement will be made when established.
> 
>  We have a session scheduled at GGF9 (Tues Oct 7, 4pm-5:30pm 
> CT). At that session we would like to have at least skeletons 
> of the four documents described in the charter for discussion.
> 
>  To facilitate this goal we are planning two telecons before 
> GGF9 - one on Friday, September 5th and the other on Friday, 
> September 19th, both at 12 pm EST (number TBA). We hope that 
> anyone wanting to author or contribute to these documents can 
> make these calls, if not please contact one of the chairs and 
> let us know so we can count you in.
> 
> Von (for Rebekah, Andrew and Von)
> 
> --OGSA-Authz-WG Charter--
> 
> OGSA Authorization WG
> Global Grid Forum, Security Area
> 
> Chairs:
> 	Rebekah Lepro <rlepro at arc.nasa.gov>
> 	Andrew Mcnab <mcnab at hep.man.ac.uk>
> 	Von Welch <vwelch at ncsa.uiuc.edu>
> 
> Secretary(s):
> 	To be performed by the Chairs
> 
> Email list:	[TBD]
> 
> Web page:  [TBD]
>  
> Charter: 
> 
> The objective of the OGSA Authorization WG is to define the 
> specifications needed to allow for basic interoperability and 
> pluggability of authorization components in the OGSA 
> framework. There are a number of authorization systems 
> emerging in the Grid today (Akenti, PERMIS, CAS, VOMS, 
> Cardea, etc.), these specifications will allow these 
> solutions to be interchangeably used with middleware that 
> requires authorization functionality.
> 
> This group will leverage authorization work that is ongoing 
> in the Web services world (e.g. SAML, XACML, the WS Security 
> suite) and define specification for how these should be used 
> for Grid services.
> 
> This group will take a two-phased approach. This particular 
> working group will focus on creating simpler specifications 
> that allow for basic authorization functionality to meet 
> immediate community needs in as short a timeframe as 
> possible. During this working group's activities, advanced 
> issues requiring greater debate and/or experience will be 
> identified and set aside so as to be addressed in a 
> subsequent working group.
> 
> The WG will hold regular conference calls (schedule TBD) in 
> order to maintain forward progress.
> 
> This will include the following documents:
> 
> . A specification for an OGSA authorization service (aka a 
> policy decision point) which can render authorization 
> decisions on actions regarding OGSI services. This should 
> include at least one profile of how such a service would be 
> implemented with standard mechanisms (e.g., SAML).
> 
> . A specification for attribute assertion formations - what 
> needs to be contained in their assertions for OGSA use and at 
> least one profile for using a standard mechanism for 
> instantiating OGSA assertions.
> 
> . A specification for an OGSA authorization policy language. 
> While implementations of various services may use internal 
> representations of policy, this specification will define at 
> least one language for exchange of authorization policy based 
> on an existing standard (e.g. XACML).
> 
> . A non-normative OGSA authorization scenarios document 
> discussing use cases to be addressed and what their 
> requirements are. This document should build off of the work done 
> by the Authorization Frameworks and Mechanisms group.
> 
> Goals:
> 	
> GGF9: Rough drafts of all documents available
> 
> GGF10: Documents complete.
> 
> GGF11: Documents passed WG and on to GGF Editor for public comment.
> 
> Evidence of commitments to carry out WG tasks:
> 
> A poll was taken on the OGSA Security WG mailing list as to 
> who would be willing to actively contribute to the documents 
> specified in the proposed milestones. All the documents have 
> at least two people committed to driving them, with documents 
> #1 and #2 having five and six people respectively. These 
> people include primary developers of current popular Grid 
> authorization systems - Akenti, PERMIS, VOMS, CAS and Cardea.
> 
> Pre-existing Document(s) (if any):
> 
> Two contributions are available for consideration as initial rough
> drafts: 
> http://www.globus.org/ogsa/security/authz/OGSA-authorization-requirements-june3.pdf
> http://www.globus.org/ogsa/security/authz/OGSA-SAML-authorization-profile-june4.pdf
> 
> Exit Strategy:
> 
> Completion of documents.
> 
> Relationship to other GGF groups:
> 
> OGSA-Security-WG: This working group is guiding the overall OGSA Security
> architecture. The OGSA-Authz-WG was formed with the guidance of the
> OGSA-Security-WG and its goals and documents are in line with its current
> working documents for OGSA security architecture and roadmap.
> 
> SAAR-WG: This working group has generated a number of requirements that
> should be considered by the OGSA-Authz-WG and either addressed in its
> documents if possible or deferred to the next phase if not.
> 
> OGSI-WG and OGSA-WG: These working groups are defining the OGSA and the Grid
> Service which this group is defining Authorization standards for. The
> OGSA-Authz-WG is limited in scope to the Grid Service as defined by these
> groups and needs to adapt to any changes to the OGSA or OGSI specifications
> made by these groups.
> 
> Authz-WG: This WG has defined basic frameworks and terminology for Grids.
> The OGSA-Authz-WG differs in that it is defining explicit standards to
> enable interoperability scoped to OGSA. OGSA-Authz-WG should leverage the
> work done by the Authz-WG to aid in communication and document writing as
> much as possible. It may also work with the Authz-WG if it finds their
> generated specifications aren't fit with the Authz-WG work.
> 
> --End Charter--




More information about the ag-dev mailing list