Re: [ggf-ogsa-sec-wg] VO consideration

["Glenn S. Wasson" <gsw2c@cs.virginia.edu>]

On Sun, 27 Oct 2002, Takashi Kojo wrote:

> > > - What would be real organization(RO) policy/trust and VO policy/trust?
> >
> > Again, WS-Policy and WS-Trust will play a role here. Policy
> > conflict between VO-wide policy and the policies of the various ROs in the
> > VO is an area of active research for us. Policy and trust are both dynamic
> > considerations and so there must be mechanisms to handle updates.
>
> Actually I am not yet very clear about the policy and trust relationship.
> In my sense, policy might include non-security related policy
> that could  be defined for administration or system efficiency, for example.
> But let's assume, for now, WS-Policy is limited to security related policy.
> Then I agree that each RO should have its trust model and claim
> of the own trust. Looking at a party's trust claim and own policy
> you can translate them into a set of operation rules. On the way,
> you might also find some collisions of the trust and policy.
>
> Is this correct interpretation?

	I agree that policy is more than just security and there is a lot
of interesting work to be done beyond ws-policy. Your interpretation is
correct in terms of security conflicts, but I think the possibility exists
for conflict with other types of policy as well. Since changing an ROs
security policy/trust is often difficult (or impossible), security policy
is probably where the most conflicts will be most frequent and hardest to
resolve.

Glenn
---
Glenn Wasson
wasson@virginia.edu
http://www.cs.virginia.edu/~gsw2c/