RE: [ggf-ogsa-sec-wg] Two documents
I really think these contributions move the community forward and are
needed; however, I would have welcomed some sort of announcement and
discussion on the mailing list before the documents were submitted
to the GGF website.
The purpose of providing documents to the webmaster before a meeting is
to give "outsiders" a way to inform themselves of what the working group
is currently doing, what its current products are, and what will be
discussed at the in-person meeting, such that they can make an informed
decision on attending/joining. I do not think these two documents serve
that purpose. To mitigate this issue, we could probably have a short
presentation on these docs under the agenda point "Status of ongoing
web services security work". Is that what you planned, Raj, Marty?
In general this raises the question of how these documents fit into
the charter: "The purpose of the OGSA Security WG (OGSA-Sec) is to
enumerate and address the Grid Security requirements in the context
of the OGSA."
These documents present "bottom-up draft specifications". A secondary
task of this WG is to spawn other WGs to address such approaches. Is this a
case where we need to spawn off another short-lived, specialized group?
Otherwise, in the general spirit of having very precise and focused
charters in GGF, we should possibly consider modifying the charter to
allow for such work.
Comments, thoughts?
Three comments on the SAML doc:
- 3.1.6 "capability" may be the incorrect term here. In traditional
scenarios a capability has two explicit components: the right it
provides and the object this right can be used on; the holder of the
capability (and thus who can use it) is implicit. (This is the
complement of an ACL, where holder and right are explicit and
the object is implicit.)
The way such push scenarios are often implemented (e.g. in PRIMA, see
zuni.cs.vt.edu/grid-security), all three components are explicit. A
better term may be "privilege" or simply "assertion". I myself like
"privilege".
- 3.1.7 You address the issue of server authorization, which I think
is very important. Along these lines, isn't it equally important for
a user/requestor to determine what subset of his rights should be used
for a specific access (which may then be used by the server to make an
authorization decision)? This is where the push model comes into play:
the user can be in the loop and select the rights/privileges/assertions
that should be presented to the grid services. This is a way to provide
the user with the power to submit requests that leverage a
least-privilege access scenario.
- 8. Typo in Von's address: "University"
Markus
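The three-component "privilege" and the push flow discussed in the two comments above, as an added example that is not part of the original thread, of PRIMA, or of the SAML draft. It assumes a constructed issuer, user and wallet, and simulates the issuer's signature with an HMAC over the privilege fields (a real deployment would verify signed SAML assertions instead):

```python
"""Push-model authorization with explicit (holder, right, object) privileges.

Added illustration, not code from PRIMA or from the SAML draft under
discussion. The requester selects which privileges to present for one
request (least privilege); the service decides only on what was pushed and
checks issuer, integrity and holder binding before honouring a privilege.
Signatures are simulated with an HMAC (assumption, for offline use).
"""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Privilege:
    holder: str    # explicit, unlike a classic capability (where it is implicit)
    right: str     # e.g. "read", "write", "submit"
    obj: str       # explicit, unlike an ACL entry (where the object is implicit)
    issuer: str    # authority that vouched for this privilege
    sig: bytes     # issuer's HMAC over the four fields above


def _digest(key: bytes, holder: str, right: str, obj: str, issuer: str) -> bytes:
    # Length-prefix each field so that field boundaries cannot be shifted.
    msg = b"".join(len(f).to_bytes(2, "big") + f.encode() for f in (holder, right, obj, issuer))
    return hmac.new(key, msg, hashlib.sha256).digest()


def issue(key: bytes, issuer: str, holder: str, right: str, obj: str) -> Privilege:
    """Issuer side: bind holder, right and object together under the issuer's key."""
    return Privilege(holder, right, obj, issuer, _digest(key, holder, right, obj, issuer))


def select_for_request(wallet, right: str, obj: str) -> list:
    """Requester side of the push model: present only the privileges this
    request needs, not the whole wallet, so the service neither learns the
    requester's other rights nor can exercise them on the requester's behalf."""
    return [p for p in wallet if p.right == right and p.obj == obj]


def authorize(trusted_issuers: dict, requester: str, presented, right: str, obj: str) -> bool:
    """Service side: decide on the pushed subset only.

    A privilege counts if it was minted by a trusted issuer, is unmodified,
    names this requester as holder, and grants the requested right on the
    requested object."""
    for p in presented:
        key = trusted_issuers.get(p.issuer)
        if key is None:
            continue  # unknown issuer
        if not hmac.compare_digest(p.sig, _digest(key, p.holder, p.right, p.obj, p.issuer)):
            continue  # forged or altered privilege
        if p.holder != requester:
            continue  # explicit holder: a privilege lifted from someone else is useless
        if p.right == right and p.obj == obj:
            return True
    return False


# Constructed sample data: one trusted issuer, one user holding three privileges.
ISSUER_KEY = b"demo-issuer-key"
TRUSTED = {"vo-attribute-authority": ISSUER_KEY}
WALLET = [
    issue(ISSUER_KEY, "vo-attribute-authority", "alice", "read", "/data/set1"),
    issue(ISSUER_KEY, "vo-attribute-authority", "alice", "write", "/data/set1"),
    issue(ISSUER_KEY, "vo-attribute-authority", "alice", "submit", "queue/batch"),
]


def demo() -> dict:
    """Run the push flow for a read request plus several misuse attempts."""
    pushed = select_for_request(WALLET, "read", "/data/set1")
    # Same signature, different object: integrity check must reject it.
    tampered = [Privilege(p.holder, p.right, "/data/set2", p.issuer, p.sig) for p in pushed]
    return {
        "pushed_count": len(pushed),  # only 1 of 3 privileges leaves the wallet
        "read_allowed": authorize(TRUSTED, "alice", pushed, "read", "/data/set1"),
        "write_allowed": authorize(TRUSTED, "alice", pushed, "write", "/data/set1"),  # not pushed
        "mallory_allowed": authorize(TRUSTED, "mallory", pushed, "read", "/data/set1"),  # wrong holder
        "tampered_allowed": authorize(TRUSTED, "alice", tampered, "read", "/data/set2"),
        "untrusted_allowed": authorize({}, "alice", pushed, "read", "/data/set1"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point of the explicit holder field is the one Markus makes: a classic capability can be exercised by whoever holds it, whereas here a privilege taken from alice's wallet does mallory no good, and the requester decides per request how much of the wallet the service gets to see.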
> -----Original Message-----
> From: owner-ogsa-sec-wg@gridforum.org
> [mailto:owner-ogsa-sec-wg@gridforum.org] On Behalf Of Von Welch
> Sent: Saturday, February 15, 2003 3:19 PM
> To: ogsa-sec-wg@gridforum.org
> Cc: Frank Siebenlist; Laura Pearlman; Samuel Meder
> Subject: [ggf-ogsa-sec-wg] Two documents
>
>
>
> All-
>
> We have a pair of documents we are submitting to you, the OGSA
> Security Working group, for consideration. Both of these documents
> represent bottom-up draft specifications of work we are actively
> doing. We'd like to get input from the community and derive GGF
> specifications from these drafts.
>
> The documents are:
>
> * "Use of SAML for OGSA Authorization"
>
> * "A GSSAPI profile for security context establishment and message
> protection using WS-SecureConversation and WS-Trust"
>
> Both of these documents have been submitted to the GGF webmaster for
> posting on the document page. They are also available now at:
>
> http://www.globus.org/ogsa/Security/
>
> We will also send a note to the WG chairs and ask for discussion time
> at GGF7.
>
> Regards,
> Von (for Frank, Laura, Sam and Von)
>
> p.s. I'm writing this as I pack for vacation for a week so please be
> sure to cc my colleagues during this time on any questions.