[ogsa-wg] [ogsa-authn-bof] Notes from Joint OGSA WG AuthN/AuthZ call
blaird at microsoft.com
Fri Jun 22 13:13:26 CDT 2007
Comments and questions in-line.
Alan Sill wrote:
> > The question to ask here is whether grids should move toward
> > relying on web services as the basis for interoperability? There is
> > certainly a strong push in this direction, which I support. Web
> > services are based on the use of SOAP messaging. WS-Security's
> > official name is "Web Services Security: SOAP Message Security".
> > Hence, the focus on SOAP messaging. If one wishes to use other
> > protocols, such as RPC, there are other security standards
> > which are appropriate.
> I understand and agree completely, and my own grid effort (TIGRE) is
> based on web services-based implementations of grid services only.
> I simply point out that it it technically possible to take the same
> WSDL and XML and (in some cases automatically) generate code that can
> implement the same grid services through other mechanisms.
I doubt you will find any broad interest in developing standards for this. It is certainly not a commonly used approach that people have a lot of experience with. I fear going down this path will derail the proposed AuthN work.
> > While there are certainly interesting AuthN topics to
> > discuss which go beyond the identified 'express' work, I am very
> > concerned about having two AuthN groups working in parallel.
> The efforts are already essentially combined. We pulled back on
> pushing the OGSA-AuthN work forward in order to be able to complete
> work on the current document series. My sense is that this work is
> now reaching a mature state and that the charter work can go forward
> on defining the AuthN body of work. The HPC-profile work done and
> now going on can be regarded as the first set of output from this
> combined effort.
I'm confused by your statement that they are "essentially combined". Perhaps you and Andrew can clarify? The scope and technical approach for the 'express' profile work is still being discussed, so it doesn't seem to be in a mature state. The plan seems to be to continue the 'express' work in parallel with a separate OGSA AuthN charter discussion. I'm still concerned potential AuthN contributors will have trouble engaging with two independent efforts, to the detriment of both. The HPCP work can certainly be seen as a precursor, but is an independent effort which is not an OGSA specification.
More information about the ogsa-wg