RE: [ggf-ogsa-sec-wg] New specs released: WS-SecurityPolicy, WS-Trust, WS-SecureConversation, WS-Policy, WS-PolicyAttachments, WS-PolicyAssertions
Olle,
If you mean we specify the semantics and leave the syntax to the
implementation I agree, to some extent. The challenge is that as each
"specification" comes into the space, there are some associated concepts
we need to add to the grid domain - I am being vague on purpose here. I
am not sure we can achieve this just based on "profiles" - what I mean
is profiles are necessary but are not complete by themselves. I am
almost sure, you will agree that WSS standards are *one* way of
implementing the concepts and so our abstraction should be crisp enough
to be flexible yet unambiguous.
cheers
> -----Original Message-----
> From: owner-ogsa-sec-wg@gridforum.org
> [mailto:owner-ogsa-sec-wg@gridforum.org] On Behalf Of Olle Mulmo
> Sent: Thursday, December 19, 2002 9:58 AM
> To: ksankar@cisco.com; ogsa-sec-wg@gridforum.org
> Subject: RE: [ggf-ogsa-sec-wg] New specs released:
> WS-SecurityPolicy, WS-Trust, WS-SecureConversation,
> WS-Policy, WS-PolicyAttachments, WS-PolicyAssertions
>
>
>
> Hmm? "implement them in multiple ways"... Isn't that exactly what we have
> already? That is, a framework that specifies what messages should flow in
> what direction, but refraining from defining the payload (or recommending
> a set of different payloads).
>
> I see OGSA-sec as the forum where we discuss and propose a set of
> "profiles" that augments the WSS standards such that they foster
> interoperability as well as addressing the special security related
> concerns that we have in a grid environment.
>
> This of course means we have to evaluate WSS to begin with. Let's assume
> we have, for the sake of argument, and also assume that SAML is the OGSA
> choice for defining privilege assertions.
>
> <example>
> When delegating privileges, you may want to produce a chain of
> assertions: An authority issues privilege P with delegation rights
> to user X, and X in turn delegates P to user Y.
>
> Markus Lorch and I recently noticed that such chaining of SAML
> assertions is not a straightforward task, as SAML wasn't
> architectured for such scenarios: to begin with, the formats of the
> "issuer" and "subject" fields are different... in the SAML mailing
> lists archive there is a discussion about this but the issue was
> never resolved as it was considered "out of scope".
>
> If this workgroup concurs that this is indeed an issue for OGSA,
> someone needs to write up a specification on how to create chained
> SAML assertions in a non-ambiguous manner.
> </example>
>
> The "profile" document emerging from the example above is what this
> workgroup is all about.
>
> Or have I understood things wrong?
>
> /Olle
>
> -----Original Message-----
> From: owner-ogsa-sec-wg@gridforum.org
> [mailto:owner-ogsa-sec-wg@gridforum.org]On Behalf Of Krishna Sankar
> Sent: den 19 december 2002 16:55
> To: ogsa-sec-wg@gridforum.org
> Subject: RE: [ggf-ogsa-sec-wg] New specs released: WS-SecurityPolicy,
> WS-Trust, WS-SecureConversation, WS-Policy, WS-PolicyAttachments,
> WS-PolicyAssertions
>
>
> Yep, we need to internalize the concepts and extend them to the Grid
> domain. I would like to see an abstraction layer incorporating these
> concepts and a plug-in type extensible architecture so that we could
> implement them in multiple ways. Would like to be part of the
> discussions.
>
> Cheers & happy holidays
> -----Original Message-----
> From: owner-ogsa-sec-wg@gridforum.org
> [mailto:owner-ogsa-sec-wg@gridforum.org] On Behalf Of Marty Humphrey
> Sent: Wednesday, December 18, 2002 9:41 AM
> To: ogsa-sec-wg@gridforum.org
> Subject: [ggf-ogsa-sec-wg] New specs released: WS-SecurityPolicy,
> WS-Trust, WS-SecureConversation, WS-Policy, WS-PolicyAttachments,
> WS-PolicyAssertions
>
>
> Folks,
>
> Six new specs have been released (today, I believe) that are related to
> our OGSA SEC efforts. These are:
>
> [1] WS-SecurityPolicy
> [2] WS-Trust
> [3] WS-SecureConversation
> [4] WS-Policy
> [5] WS-PolicyAttachments
> [6] WS-PolicyAssertions.
>
> The key, of course, is how we see these fitting into our efforts.
>
> Many of these documents are co-authored by multiple organizations (e.g.,
> Microsoft, Verisign, IBM, RSA, etc.) See
> http://msdn.microsoft.com/webservices/understanding/gxa/default.aspx for
> the Microsoft links to these documents.
>
> We need to carefully read these (as a community) and evaluate them.
> Something to do over the Holidays! :^)
>
> -- Marty
>
> Marty Humphrey
> Assistant Professor
> Computer Science Department
> University of Virginia
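
The delegation chain from the quoted <example> (authority issues P to X, X delegates P to Y), as an added sketch that is not part of the original thread or of any OGSA or SAML specification. The records are simplified stand-ins for signed SAML assertions, and the rule mapping a structured subject to a comparable issuer string (`subject_as_issuer`) is a hypothetical profile choice; all names and sample values are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Subject:
    name_format: str   # constructed labels: "x509" or "email"
    value: str

@dataclass(frozen=True)
class Assertion:       # stand-in record; signature checking is out of scope here
    issuer: str        # plain string, unlike the structured subject
    subject: Subject
    privilege: str
    may_delegate: bool

def canon_dn(dn: str) -> str:
    # Assumed canonical form: lower case, no whitespace around commas.
    return ",".join(part.strip().lower() for part in dn.split(","))

def subject_as_issuer(s: Subject) -> str:
    # Hypothetical profile rule: only X.509 names can act as issuers.
    if s.name_format != "x509":
        raise ValueError(f"no issuer mapping for subject format {s.name_format!r}")
    return canon_dn(s.value)

def validate_chain(chain, trusted_authorities, privilege):
    """Return the final holder of `privilege`, or raise ValueError."""
    if not chain:
        raise ValueError("empty chain")
    trusted = {canon_dn(t) for t in trusted_authorities}
    for i, a in enumerate(chain):
        issuer = canon_dn(a.issuer)
        if i == 0:
            if issuer not in trusted:
                raise ValueError("root assertion not from a trusted authority")
        elif issuer != subject_as_issuer(chain[i - 1].subject):
            raise ValueError(f"link {i}: issuer is not the previous subject")
        if a.privilege != privilege:
            raise ValueError(f"link {i}: privilege differs from {privilege!r}")
        if i < len(chain) - 1 and not a.may_delegate:
            raise ValueError(f"link {i}: subject has no delegation rights")
    return chain[-1].subject

# Constructed sample data for the scenario in the thread.
AUTHORITY = "CN=Authority,O=Grid"
X = Subject("x509", "CN=X, O=Grid")
Y = Subject("email", "y@example.org")
CHAIN = [Assertion(AUTHORITY, X, "P", True),
         Assertion("cn=x,o=grid", Y, "P", False)]

if __name__ == "__main__":
    print(validate_chain(CHAIN, [AUTHORITY], "P"))
```
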