CAOPS Session OGF 21 16.10.2007 ------------------------------------- Note Takers: Licia Florio, Christos Kanellopoulos ------------------------------------- David Groep: Grid Certificate Profile ..................................... x The document has finished the public comment period as of October 8. A1: David Groep to send email to the CAOPS mailing list with answers to the comments A2: Christos Kanellopoulos to test IE7 with CA certificate that has been reissued A3: By Nov 6 a new version of the document should be available that will address all the comments. There is going to be one week afterwards for group comments and then it will be pushed to the editor's queue. Yoshio Tanaka: Audit Document .............................. x New version of the document was uploaded to GridForge - Christos Kanellopoulos: The document should provide a generic framework for performing audits on Grid IdPs. We should remove any statements on the preferred answers for each question in the document - Mike Helm: This looks very much like the spreadsheet that is being used within TAGPMA for CA accreditation. A4: Mike Helm to send the spreadsheet template at the CAOPS mailing lists A5: By end of November a new version of the document should be ready. Christos Kanellopoulos to help with the editing. David Groep: Name Constraints .............................. x Still waiting for the replies from the people at OGF 20 CAOPS session x The implementation details will be stripped off from the document and it will be focused on the requirements for providing namespace constraints at the policy lave. - David Chadwick: What we want to achieve with this document can be found in the initial X.509 specs that got completely twisted around '97. This is expected to be changed in the new versions of the X.509 document - David Chadwick: Wild-card matching, as it is expressed in the document, did not exist in the X.500 specs. Subtree matching was part of the specs though - David Groep: We've added wild-card matching exactly to perform subtree matching A6: David Chadwick to send details at the CAOPS mailing list [already done during the CAOPS sessions] A7: David Groep to update the document with reference to the documents that David Chadwick sent (if and where necessary) - Rachana Ananthakrishna: Globus will implement Namespace policies within 2008 Q1. Going to use the current policy language - David Groep: suggested that Globus eliminates the 1024 char limitation. A8: New version of the document by late December Mike Helm: OCSP Requirements for Grids ...................................... x The document was derailed from its initial scope during its development in the past two years. x We should revisit the document focusing on the Trusted Responder concept. x There is a lot of useful information within the document that could be used in future documents. x There is some work done in IETF that supersedes the document. However it is worth to look at Trusted Responder. Seems like the current trend is to use CRLs or short-lived certificates. - Mike Helm: Users seem to be happy with the current CRL solution. Even when they face problems, they prefer to (over) engineer around them. - Rachana Ananthakrishna: In order for Globus to start working on an implementation, they need to have specific requirements from the users A9: Mike Helm: New draft document by early January