[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ggf-ogsa-sec-wg] Yet another fork [Was: A Question on Procedure]

>>>>> " " == Nataraj Nagaratnam <natarajn@us.ibm.com> writes:

 > I probably missed those mails (was on vacation) in December.

 > Given Grid services are based on Web services, OGSA Security must be based
 > on Web services security;  I don't think inventing a new security model
 > under GGF is going to help. Therefore, we should be basing OGSA security on
 > the Web services security specs - e.g., out of WSS TC in OASIS.

I assume you are only talking about the one specification being
developed within the OASIS WSS TC and not the set of specs published
by a handful of companies of which the IPR and licensing terms are
completely unknown.

Also that particular specification is by no means a security
model. Lets not conflate the notion of 'Web services" and "Web
services security" with the current state of the art. 





 > |---------+------------------------------->
 > |         |           "Olle Mulmo"        |
 > |         |           <mulmo@pdc.kth.se>  |
 > |         |           Sent by:            |
 > |         |           owner-ogsa-sec-wg@gr|
 > |         |           idforum.org         |
 > |         |                               |
 > |         |                               |
 > |         |           01/30/2003 06:04 AM |
 > |         |           Please respond to   |
 > |         |           mulmo               |
 > |         |                               |
 > |---------+------------------------------->
>> ---------------------------------------------------------------------------------------------------------------------------------------------|
 >   |                                                                                                                                             |
 >   |       To:       <ksankar@cisco.com>, <mulmo@pdc.kth.se>, Nataraj Nagaratnam/Raleigh/IBM@IBMUS                                               |
 >   |       cc:       <ogsa-sec-wg@gridforum.org>                                                                                                 |
 >   |       Subject:  [ggf-ogsa-sec-wg] Yet another fork [Was: A Question on Procedure]                                                           |
 >   |                                                                                                                                             |
>> ---------------------------------------------------------------------------------------------------------------------------------------------|





 > All,

 > Looking back at the emails exchanged before X-mas, I found that
 > there was no consensus in this group as to whether the WSS
 > documents were applicable to OGSA-sec. Several people raised
 > concerns that we need to look carefully at the documents first.

 > I have since sensed a shift in this matter, especially after the
 > workshop at GlobusWorld. I also interpret the last number of
 > emails as if they have all been written with the assumption that
 > OGSA-sec relies on/reuses WSS.

 > Is it just me or is it a fact that we have now become pro-WSS?
 > An action point for GGF7 perhaps? (I won't go)

 > /Olle

 > -----Original Message-----
 > From: Krishna Sankar [mailto:ksankar@cisco.com]
 > Sent: den 30 januari 2003 05:44
 > To: mulmo@pdc.kth.se; natarajn@us.ibm.com
 > Cc: ogsa-sec-wg@gridforum.org
 > Subject: RE: [ggf-ogsa-sec-wg] A Question on Procedure [Was: Re:
 > Virtualized channels as abstractions for the Ws-xxx specifications and
 > beyond]


 > Olle,

>> It wouldn't really matter that the underlying GSS and WS-Trust
 > documents
>> are still both in flux, as the spec would be on top of these
 > documents,
>> void of any specific details (apart from any ServiceData definitions,
 > and
>> the semantics and behavior of the service itself).
>> 
 > <KS>
 >              Exactly ! At the A (Architecture) and I(Infrastructure) layer,
 > we should *only* capture the serviceData (and associated vocabulary) and
 > the behavior of the service.

 >              How it is implemented is up to the implementers. But for
 > interoperability we need the same way of representation - that is where
 > the WS-xxx proposals come in. They provide interoperable syntax and
 > semantics at the wire level. BTW, your comparison of sourgeforge project
 > is not accurate here.

 >              Going a little deeper, we have the security roadmap based on
 > the
 > WS-XXX roadmap and a set of Grid specifications listed in the documents.
 > That is what we are executing against i.e. making the grid roadmap a
 > reality by gathering wgs around specific deliverables.

 >              If (actually when) tomorrow a new concept comes out - be an
 > XML
 > proposal or a binary idea or a way of doing something, we would check it
 > out and see how it fits in our security architecture. We will update the
 > architecture document and articulate what artifacts are required. May be
 > at the I(Infrastructure) level or may be at the A (Architecture) level.
 > Then we would develop the required artifacts - either as a separate wg
 > or an existing wg.

 >              So any bottoms up or top down concepts go thru the same
 > process
 > - incorporate in the architecture, define artifacts and then develop
 > them. BTW, when we define in the architecture we might do a subset by
 > profiles - nothing says we need to consume the idea/concept/proposal
 > fully.

 >              On the question of how long to wait is an art. In this case,
 > we
 > should start ASAP on the Ws-XXX related Grid specifications, as we need
 > these concepts in the Grid. In that sense the waiting depends on the
 > concept.
 > </KS>

 > cheers







--
mailto:gary.ellison@sun.com
"The structure of a system reflects the structure of the organization
			   that built it."
			  -- Richard Fairley