[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ggf-ogsa-sec-wg] Yet another fork [Was: A Question on Procedure]

To: <mulmo@pdc.kth.se>
Subject: Re: [ggf-ogsa-sec-wg] Yet another fork [Was: A Question on Procedure]
From: Nataraj Nagaratnam <natarajn@us.ibm.com>
Date: Mon, 3 Feb 2003 18:15:54 -0500
Cc: ksankar@cisco.com, mulmo@pdc.kth.se, ogsa-sec-wg@gridforum.org, owner-ogsa-sec-wg@gridforum.org
Sender: owner-ogsa-sec-wg@gridforum.org



I probably missed those mails (was on vacation) in December.

Given Grid services are based on Web services, OGSA Security must be based
on Web services security;  I don't think inventing a new security model
under GGF is going to help. Therefore, we should be basing OGSA security on
the Web services security specs - e.g., out of WSS TC in OASIS.

thanks,
Nataraj Nagaratnam





|---------+------------------------------->
|         |           "Olle Mulmo"        |
|         |           <mulmo@pdc.kth.se>  |
|         |           Sent by:            |
|         |           owner-ogsa-sec-wg@gr|
|         |           idforum.org         |
|         |                               |
|         |                               |
|         |           01/30/2003 06:04 AM |
|         |           Please respond to   |
|         |           mulmo               |
|         |                               |
|---------+------------------------------->
  >---------------------------------------------------------------------------------------------------------------------------------------------|
  |                                                                                                                                             |
  |       To:       <ksankar@cisco.com>, <mulmo@pdc.kth.se>, Nataraj Nagaratnam/Raleigh/IBM@IBMUS                                               |
  |       cc:       <ogsa-sec-wg@gridforum.org>                                                                                                 |
  |       Subject:  [ggf-ogsa-sec-wg] Yet another fork [Was: A Question on Procedure]                                                           |
  |                                                                                                                                             |
  >---------------------------------------------------------------------------------------------------------------------------------------------|





All,

Looking back at the emails exchanged before X-mas, I found that
there was no consensus in this group as to whether the WSS
documents were applicable to OGSA-sec. Several people raised
concerns that we need to look carefully at the documents first.

I have since sensed a shift in this matter, especially after the
workshop at GlobusWorld. I also interpret the last number of
emails as if they have all been written with the assumption that
OGSA-sec relies on/reuses WSS.

Is it just me or is it a fact that we have now become pro-WSS?
An action point for GGF7 perhaps? (I won't go)

/Olle

-----Original Message-----
From: Krishna Sankar [mailto:ksankar@cisco.com]
Sent: den 30 januari 2003 05:44
To: mulmo@pdc.kth.se; natarajn@us.ibm.com
Cc: ogsa-sec-wg@gridforum.org
Subject: RE: [ggf-ogsa-sec-wg] A Question on Procedure [Was: Re:
Virtualized channels as abstractions for the Ws-xxx specifications and
beyond]


Olle,

> It wouldn't really matter that the underlying GSS and WS-Trust
documents
> are still both in flux, as the spec would be on top of these
documents,
> void of any specific details (apart from any ServiceData definitions,
and
> the semantics and behavior of the service itself).
>
<KS>
             Exactly ! At the A (Architecture) and I(Infrastructure) layer,
we should *only* capture the serviceData (and associated vocabulary) and
the behavior of the service.

             How it is implemented is up to the implementers. But for
interoperability we need the same way of representation - that is where
the WS-xxx proposals come in. They provide interoperable syntax and
semantics at the wire level. BTW, your comparison of sourgeforge project
is not accurate here.

             Going a little deeper, we have the security roadmap based on
the
WS-XXX roadmap and a set of Grid specifications listed in the documents.
That is what we are executing against i.e. making the grid roadmap a
reality by gathering wgs around specific deliverables.

             If (actually when) tomorrow a new concept comes out - be an
XML
proposal or a binary idea or a way of doing something, we would check it
out and see how it fits in our security architecture. We will update the
architecture document and articulate what artifacts are required. May be
at the I(Infrastructure) level or may be at the A (Architecture) level.
Then we would develop the required artifacts - either as a separate wg
or an existing wg.

             So any bottoms up or top down concepts go thru the same
process
- incorporate in the architecture, define artifacts and then develop
them. BTW, when we define in the architecture we might do a subset by
profiles - nothing says we need to consume the idea/concept/proposal
fully.

             On the question of how long to wait is an art. In this case,
we
should start ASAP on the Ws-XXX related Grid specifications, as we need
these concepts in the Grid. In that sense the waiting depends on the
concept.
</KS>

cheers

Follow-Ups:
- Re: [ggf-ogsa-sec-wg] Yet another fork [Was: A Question on Procedure]
  - From: Gary Ellison <gary.ellison@sun.com>

Prev by Date: [ggf-ogsa-sec-wg] Policy and Trust Implementer's Workshop Invitation
Next by Date: [ggf-ogsa-sec-wg] Resigning as security area director
Prev by thread: [ggf-ogsa-sec-wg] Policy and Trust Implementer's Workshop Invitation
Next by thread: Re: [ggf-ogsa-sec-wg] Yet another fork [Was: A Question on Procedure]
Index(es):
- Date
- Thread