RE: [ggf-ogsa-sec-wg] Two documents
Markus,
I'll restate the point that Brian made, which is that these documents are
just another form of WG communication. By putting them on the web page
this implies no endorsement by the WG, it's just a means of making
them public both to the WG and the world. And I understand it is a
requirement for discussion at GGF.
Our intent with these documents is to show the WG, in detail, what we
think is needed and our initial thoughts on how to go about it, to act
as a stake in the ground to spur conversation around that stake (with
one possible result being its rejection). Also I see them driving us
to figure out, assuming we choose to, how to deal with such
specifications.
Von
Markus Lorch writes (15:54 February 16, 2003):
> I really think these contributions move the community forward and are
> needed, however, I would have welcomed some sort of announcement and
> discussion on the mailing list before the documents are submitted
> to the GGF website.
>
> The purpose of providing documents to the webmaster before a meeting is
> to give "outsiders" a way to inform themselves of what the working group
> is currently doing, what are its current products, and what will be
> discussed at the in-person meeting such that they can make an informed
> decision on attending/joining. I do not think these two documents serve
> that purpose. To mitigate this issue, we could probably have a short
> presentation on these docs under the agenda point of "Status of ongoing
> web services security work". Is that what you planned Raj, Marty?
>
> In general this raises the question of how do these documents fit into
> the charter "The purpose of the OGSA Security WG (OGSA-Sec) is to
> enumerate and address the Grid Security requirements in the context
> of the OGSA." ?
>
> These documents present "bottom-up draft specifications". A secondary task
> of this WG is to spawn other WGs to address such approaches. Is this a case
> where we need to spawn off another short-lived, specialized group?
>
> Otherwise, in the general spirit of having very precise and focused charters
> in GGF, we should possibly consider to modify the charter to allow for such
> work.
>
> Comments, thoughts?
>
> Three comments on the SAML doc:
>
> - 3.1.6 "capability" may be the incorrect term here. In traditional
> scenarios a capability has two explicit components: the right it
> provides and the object this right can be used on, the holder of the
> capability (and thus who can use it) is implicit. (this is the
> complement to an ACL, where you have holder and right explicit and
> the object is implicit)
> The way such push scenarios are often implemented (e.g. in PRIMA, see
> zuni.cs.vt.edu/grid-security) all three components are explicit. A
> better term may be "privilege" or simply assertion. I myself like
> privilege.
>
> - 3.1.7 You address the issue of server authorization, which I think
> is very important. Along these lines isn't it equally important for
> a user/requestor to determine what subset of his rights should be used
> for a specific access (may be used by the server to make an authorization
> decision)? This is where the push model comes into play where
> the user can be in the loop and select the rights/privileges/assertions
> that should be presented to the grid services. This is a way to provide
> the user with the power to submit requests that leverage a least-privilege
> access scenario.
>
> - 8. Typo in Von's address : "University"
>
>
> Markus
>
>
>
>
> > -----Original Message-----
> > From: owner-ogsa-sec-wg@gridforum.org
> > [mailto:owner-ogsa-sec-wg@gridforum.org] On Behalf Of Von Welch
> > Sent: Saturday, February 15, 2003 3:19 PM
> > To: ogsa-sec-wg@gridforum.org
> > Cc: Frank Siebenlist; Laura Pearlman; Samuel Meder
> > Subject: [ggf-ogsa-sec-wg] Two documents
> >
> >
> >
> > All-
> >
> > We have a pair of documents we are submitting to you, the OGSA
> > Security Working group, for consideration. Both of these documents
> > represent bottom-up draft specifications of work we are actively
> > doing. We like to get input from the community and derive GGF
> > specifications from these drafts.
> >
> > The documents are:
> >
> > * "Use of SAML for OGSA Authorization"
> >
> > * "A GSSAPI profile for security context establishment and message
> > protection using WS-SecureConversation and WS-Trust"
> >
> > Both of these documents have been submitted to the GGF webmaster for
> > posting on the document page. They are also available now at:
> >
> > http://www.globus.org/ogsa/Security/
> >
> > We will also send a note to the WG chairs and ask for discussion time
> > at GGF7.
> >
> > Regards,
> >
> > Von (for Frank, Laura, Sam and Von)
> >
> > p.s. I'm writing this as I pack for vacation for a week so please be
> > sure to cc my colleagues during this time on any questions.
>