GGF9: OGSA Authorization WG (OGSA-Authz) - FYI Only
Edited and Amended by Alan J Weissberger, Data Communications Technology, ajwdct@technologist.com
[OGSA = Open Grid Services Architecture]
Authors: Von Welch (vwelch@ncsa.uiuc.edu), Rebekah Lepro, Andrew McNab and rest of OGSA-Authz participants

AuthZ WG Requirements/Goals
• Define and allow for interoperability between OGSA Services and different Authorization Services (TBD)
• Define use cases & requirements for service
• Do not mandate Authorization mechanisms
• Define a small number of profiles for mechanisms to allow interoperability [do not invent new mechanisms]
• Build from WS Security work; add specification for Grid-specific stuff
  • E.g. Service Data, Instances, Virtual Organizations
• Feedback to relevant standards body (OASIS, IEEE 802.1?)
OGSA cross WG discussion: OGSA-Authz

Architecture/Model
[Figure: architecture diagram. Labels: Client, Service Request, OGSA Service, Request?, Yes/No, Authorization Service, AC Policy, Attributes]

AuthZ WG Methodology
• Determine and document requirements for each of Authz Interface, Attributes, Authz Policy
• Specify one or more bindings of how to use existing technologies (as volunteers emerge)
  • E.g. Attributes in X.509 ACs, Authz Interface in SAML

Proposed Grid Services/portTypes for Authorization Service
• At least 1 portType for AuthzService that supports both SAML and XACML
• Others possible – e.g. for WS-Trust/Authz
• No reference to IEEE 802.1x or LinkSec!
  • Should either be included as mechanisms?
• AuthZ management for attributes and policy
  • Other portTypes for management of Authz service would be useful, but out of scope

Mechanisms Being Considered for Grid Authorization

SAML and XACML

X.509 Certificates
X.509 Certificates, with ASN.1 encoding, are also being considered for Grid authentication