[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ggf-ogsa-sec-wg] OGSA-SEC drafts status questions

To: Nataraj Nagaratnam <natarajn@us.ibm.com>
Subject: [ggf-ogsa-sec-wg] OGSA-SEC drafts status questions
From: Dane Skow <dane@fnal.gov>
Date: Thu, 11 Mar 2004 10:15:08 -0600
Cc: "'David Snelling'" <d.snelling@fle.fujitsu.com>, ogsa-sec-wg@ggf.org, grimshaw@cs.virginia.edu, "'Hiro Kishimoto'" <Hiro.Kishimoto@jp.fujitsu.com>, Marty Humphrey <humphrey@cs.virginia.edu>
In-reply-to: <OF634F2A5A.9D648478-ON85256E54.003B9A76-85256E54.003CEA9B@us.ibm.com>
References: <OF634F2A5A.9D648478-ON85256E54.003B9A76-85256E54.003CEA9B@us.ibm.com>
Sender: owner-ogsa-sec-wg@gridforum.org
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4)Gecko/20030624

I'm copying the ogsa-sec-wg list since there seems to be contention on the status of the
drafts in this group. Comments inline and I've preserved the full thread for the
record.

Nataraj Nagaratnam wrote:

Dane

It is one thing about lack of participation/interest and WG activities.. and another thing about the documents.

Agreed that the fate of the group and the fate of the documents are separate questions.

Independent of whether we do more work under OGSA-SEC WG or we want to form a design team within OGSA WG, we must have an architecture/roadmap wrt security that one can base "design" on. I believe the two documents that were submitted to OGSA SEC WG are relevant in that space. So, I believe the architecture/roadmap docs need to be made "official" (with any comments/changes that are required/commented on thru due process). Even if this official document means that it talks about high level requirements, architecture and framework without getting to specifics of recommending any particular standard or technology.

What forum do you propose to use to carry forward that process of "making official" ? On what
timescale do you think it can be accomplished and why ? I do not dispute that agreement on these topics are needed and needed urgently.

As far as the architecture document goes, I see no discussion of this document in the mailing list
for over a year and no clear consensus on it. I recall discussion of the document at the June '03
meeting, but I do not recall concensus at that time either. I personally, do not believe this document defines an architecture but rather motivates a list of desired functions and their interrelationship. I do not concur with the "architecture" it describes as I think it is much too ambitious for the initial specification. There is no clear differentiation between services which are required and which are optional. In fact, I believe the word "required" is much too loosely used for an architecture specification.

A roadmap without a group of people committing to follow that roadmap is of limited value, particularly at this time, in my opinion. I believe there is no evidence in OGSA-SEC for any group of people rallying to the roadmap (an a program of work) as expressed in this draft.

Given the great amount of effort and progress in the OGSA working group on the full architecture,
I'm not confident that the current draft coordinates well with the current architecture. Nor do I believe the represent the level of detail expected from the architecture document on full release. While Frank has been participating in the OGSA working group particularly on security issues, I don't believe he's been working the liaison or maintenance of this document. Frank ?

IMO, as long as work gets done, it doesn't matter.. where .. as long as a body is identified. I thought that was the goal of OGSA SEC WG. If people have interest in working on OGSA SEC WG, I expect them to contribute through a body that has folks with similar interests - OGSA-SEC WG was formed with that intent, as far as I understood. Maybe I misunderstood that.. or there is something else going on that I don't understand. With a design team, you need mailing list, etc.. and it would still make sense to have the OGSA-SEC WG and do the work under that. If this is considered baggage from process perspective.. then I am not clear what is the goal of a design team and what the process is.

I'm going to agree violently with you. I believe those that have been contributing to the OGSA security architecture HAVE been contributing through a body with similar interests -- and they've been doing it in the OGSA working group. The problem is that the default expectation of an outsider (and perhaps a goodly portion of the OGSA-WG even) is that it's going on in OGSA-SEC. Given the level of activity in OGSA-SEC for the past
half year, I see no reason to "defend the turf" of the Security area and think we should make it clear that this work is being done where it is being done -- in OGSA-WG unless something were to start up here (or elsewhere). I agree with the momentum and startup comments, I just think it's OGSA-SEC that has the (re)startup problem.

Is there reason to believe that the activity in OGSA-WG will be less effective than current
(or reasonably forecast) activity in OGSA-SEC-WG ? Perhaps I'm overestimating the work being done within the OGSA-WG, but I'm told Frank has been active and I see other names as well.

In any case.. my primary concern is that we should not start working on details/design without agreeing on a framework/architecture (whatever level it is). I think we need documents are positioned to be some sort of reference architecture/framework upon which further design and details can be worked on. The input documents are a good starting point. If that is all we have and no interest in working on them anymore, then we need to take it thru the process to make them "official"

I agree with the concern. I disagree that the current documents are "ready". I agree that the
primary point is who is going to do the work on creating an architecture. These drafts should be
input to that group's work, but it should be done where the people are doing the work. Soooo.
Who is going to do the work ? As far as I can see, the only people working on this are Frank etal
in OGSA-WG. I suspect there are not enough people working on the security architecture for OGSA anywhere. I think we need to push the alarm button. Question is: where to send the responders ?

My questions to this working group for status of these drafts have gone unanswered for the past
month. I see no reason to believe anything other than this working group has abandoned them.
If I'm wrong, then I expect to be corrected. If I'm right and there is a limited set of people
interested in the current drafts and unwilling to do further work in this working group, then I expect that set could take the documents elsewhere or submit them to the editor as individual submissions.

Dane

.

Comments?

-Raj

*Dane Skow <dane@fnal.gov>*

03/11/2004 02:00 AM

To
Marty Humphrey <humphrey@cs.virginia.edu>, Nataraj Nagaratnam/Raleigh/IBM@IBMUS
cc
"'Frank Siebenlist'" <franks@mcs.anl.gov>, "'David Snelling'" <d.snelling@fle.fujitsu.com>, grimshaw@cs.virginia.edu, "'Hiro Kishimoto'" <Hiro.Kishimoto@jp.fujitsu.com>
Subject
Re: Meet today at lunch ?

Marty Humphrey wrote:

>I hope you have an enjoyable and productive GGF10. I'll catch up with Andrew on this when he gets back.
>
>-- Marty
>
Marty and Raj,

We've all been concerned about the OGSA-SEC group for some time:
whether it's a top down design process, a collection of experiences from
implementers leading to extraction of a "standard" definition, or a
liaison with an external organization that will do it all (OASIS and
WS-*). What is very clear to me is that there's not enough people
willing to pick one of these and work it within the
current working group for us to expect success any time soon. It's also
been clear that there are significant external dependencies (WS-*) that
have not progressed as expected.

I believe this is one of those unfortunate situations where people have to
go ahead and build a plan (OGSA architecture) knowing that some of the
components won't
be available exactly as expected when it come time to build. I think we
have to proceed and just
hope that the adaptations needed are small. It is very clear to me that
the question "What is a grid"
has to be defined (for at least one type of grid) in more detail that
Ian F's famous 3 criteria to
build further interest in contributed components and wider adoption. I
believe the current OGSA
effort has the momentum to do that. I'm also certain that the intial
plan will have to be revised and
informed by wider discussion and implementation experience. I think both
of these are more likely if we get something specific out on the table
to begin the process.

With that in mind, our lunch discussion concluded that the best path
forward would be to explicitly
acknowledge the way that we've been working over the past year. We
propose a design team on security be formed in the OGSA-WG (where Frank
S. has been doing yoeman work) and that we
recommend that OGSA-SEC be closed down in the Security area until the
initial OGSA architecture document is out and a more clear mandate (and
willing workers) is available. I understand that Hiro is agreeable to
this design team in OGSA-WG (yes, Hiro ?). Unless you have
a strong counter argument, I plan on announcing this at the Friday Area
meeting and taking the
recommnedation to close the current OGSA-SEC working group to the GFSG.

I will focus on the need to produce a consistent OGSA architecture with
minimum requirements/expectations for components ASAP and the need to
not overextend the security
workers and endorse the current focussed activity on OGSA-AuthZ. I also
plan to announce the proposal to shutdown the ARRG group and accentuate
people's ability to contribute individual submissions for documents and
drafts for work where there is not sufficient breadth of contribution to
warrant a full group.

Let me know what you think.

Regards,
Dane

Prev by Date: More efficient than via-gra
Next by Date: [ggf-ogsa-sec-wg] Introduction
Previous by thread: More efficient than via-gra
Next by thread: [ggf-ogsa-sec-wg] Introduction
Index(es):
- Date
- Thread