Security Activities at OGF24
Security Area Meeting
Overview
• Agenda of activities this week
• Group overview
• New initiatives
• Where to go from here?
Security Area
Groups
• OGSA-AuthZ-WG: Wed 11.00
• CAOPS-WG (which absorbed the LoA-RG): Tue 09.00-17.30
• FI-RG (hibernating)
New initiatives
• Restrictions on Delegation (jointly with GIN): Wed 16.00
• Intrusion Detection BoF (relocated Rm2): Wed 09.00
Spawned Activities
• FVGA WG on firewall virtualisation interface: Wed 14.15
OGSA-AuthZ
interoperability and plug-ability of authorization components
• Last four (4) documents submitted to PC over summer
• Three of these still pending (Oct 2/5 deadline)
... David Chadwick has the full introduction to the OGSA-AuthZ WG
CAOPS-WG
• Recommendations for CAs (and identity providers) and documents on ‘best practices’
• Charter Review
• Authentication Service Profiles: authN policy criteria classification
• Audit Guidelines
• Subject entity name uniqueness policy requirements and guidelines for software implementors
• LoA Gap Analysis
• Towards a CP/CPS Template
• International Grid Trust Federation workshop as well
Firewall Issues RG
‘control data transport policy enforcement devices’
• Last document of the RG in PC: ‘Requirements on operating Grids in Firewalled Environments’
• Based on their work the new FVGA WG has started!
• Wednesday, 14.15
• Group will now ‘hibernate’ – since not all firewall issues are solved yet
Restricting Delegation
• Joint effort initiated by GIN/Unicore (MorrisR)
• UNICORE identified use cases for both delegation and restricting these in sensitive (industrial) environments
• Syntactic issues are ‘easy’ to solve and standardize (but needed both in the WS-* space and in RFC3820 proxies)
• Semantics: what do we restrict? What combinations make ‘sense’ for a service? This needs a bit of study
• BoF this week to gauge interest in both topics
Where are we going?
Security related work is going on in various OGF groups
• addressing security aspects of specific protocols or binds
• e.g. OGSA Security BP 2.0, etc.
• means security is becoming integral to services and the security area is ‘shrinking’
... is our work now ‘complete’?
• still lack of ‘cross-fertilization’ between specs and implementation
• issues regarded as ‘done’ in one infrastructure are seen as ‘obstacle’ in others
• and there are only few specs (with a couple now in PC)
• Are we not ‘good’ in documenting what we do, or do we not work on the things that are of most interest to the community? And if so, can we see where the gaps are?
• but most vendors/products seem not interested in ‘internals’ of a security service, but focus on how to integrate security/access control in their service native mechanisms
• ‘Invite’ work on topics relevant for the community by new people?
• or does our current crowd have the spare cycles left to work on new issues