This is a static archive of the previous Open Grid Forum Redmine content management system saved from host redmine.ogf.org file /dmsf_files/7339?download= at Fri, 04 Nov 2022 15:49:55 GMT
website: http://calder.ncsa.uiuc.edu/ACE-grid elist: ace-grid@gridforum.org ACE-Grid Research/Working Group GGF4: ACE Research Group Update February 17-19 2002 Jason Leigh, Michael Papka, Rick Stevens, Tom Coffin Meeting notes: Attendees: Jason Leigh spiff@evl.uic.edu Tom Coffin tcoffin@ncsa.uiuc.edu Von Welch welch@mcs.anl.gov Derek Simmel dsimmel@psc.edu Deb Agarwal daagarwal@lbl.gov John Brooke j.m.brooke@man.ac.uk John Hicks jhicks@iu.edu Kazuyuki Shudo shudo@ni.aist.go.jp Toshio Hirayama hirayamt@koma.jaeri.go.jp Anthony Milinowicz amilinow@ncsus.jnj.com Alasdair Earl aearl@ed.ac.uk Mary Fran Yafchak maryfran@sura.org Rob Simmonds simmonds@cpsc.ucalgary.ca Todd Brouck????? Sami Sarhan sarhan@cs.fsu.edu Brian Corrie brian.corrie@newmic.com Mathias Moller Mueller@hlrs.de Cees de Laat delaat@science.uva.nl Kevin Harris Kevin.harris@compaq.com Markus Lorch mlorch@vt.edu Pat Moore pcmoore@sandia.gov Jimmy Scott jcs@sgi.com Yuri Demchenko demch@terena.nl Mary Thompson mrthompson@lbl.gov Bob Olson olson@mcs.anl.gov Agenda: Monday Feb 18, 2002, 10:30-12:00 - Conf Room E - Introduction of Goals of ACE for newcomers, and recap of previous ACE meeting (10 mins, Jason Leigh). - Short presentations on security for ACEs (10-15mins each). - Security Requirements for the AccessGrid (Bob Olson- Argonne National Lab) - Community Authorization Service (Von Welch- Argonne National Lab) - Securing Collaborative Communication (Deb Agarwal- Lawrence Berkeley National Lab) Tuesday Feb 19, 2002, 10:30-12:00 - Conf Room E - Draft a Grid Working Document summarizing Grid security requirements of ACEs based on ACE community feedback. Document should include action items to followup. - Discussion of holding every other ACE meeting over AccessGrid. - Brief introduction to the TeraGrid and how it impacts ACEs (Bob Olson). Advanced Collaborative Environments Research Group complements other Grid Working Groups by providing human-centered techniques and technologies for facilitating interactive, collaborative, and immersive access of Grid resources from any where and at any time. ACE RG is the first GGF group to hold a GGF meeting over AccessGrid (for GGF3). Meeting included participants from US, UK, Amsterdam, Germany. (feedback?) Current focus is on defining Grid services needed by ACEs. First target is specifying group security requirements of Grid ACEs. Goal is a citeable Grid Forum Document that is authored by members of the ACE research community. AccessGrid Retreat - San Diego Registration deadline Feb 25 Meeting: Mar 4-5 Security Requirements for the AccessGrid (Bob Olson- Argonne National Lab) Current AG security works on a use of acl operating system permissions - but we are planning to look more at Globus security mechanisms Have deferred problem of group authentification on ACCESSGRID until we can handle individual authentification so the idea is to implement security based on the physical hardware involved in the "room" Tuesday we will draft a list of requirements for the security group tomorrow Community Authorization Service (Von Welch- Argonne National Lab Unrestricted proxies Restricted proxies Authorization for virtual communities - no central data base problem is this can be very unscalable. Expressiveness in permissions (flexibility) CAS - Community Authorization Service Communities as one big user Provides a central data base server The idea is that you bring the CAS servers down to the point so that there is one administrator that knows what's going on for that community Notion: the body who authorizes the user is in the end accountable - so this gives a sizable size of how large the groups can be - this thinking is based on billing needs for computing time. Is there a survey for use models? Guidelines about contextual relationships - who has to pay in the end? Guidelines for building these communities RfC's - there are 3 or 4 basic models CAS being one of them Software release of CAS is coming out shortly - the use s to date has been in demonstrations only - with this public release the prime use will be grid-ftp - that is the initial release. Securing Collaborative Communication (Deb Agarwal- Lawrence Berkeley National Lab) (See pdf file) Basic collaborative factors: Participants are occasional and from a divers set of organizations Not a single environment - composed of many software components. Accessing and dynamically changing permissions to show people things while you are in a collaborative meeting. Single sign on Akenti is another authorization program like CAS Secure Group Layer - anybody can join and leave the group dynamically and keep strong security goals Cross domain authentification is needed Best practices documents - what can we do today - what requirements did we not address? The CAS the Akenti the GSI - which do we use when? Missing items: dynamic authorizatiuon How do we build trust? General discussions: I do tele-immersive environments - what is the template for security that I can plug in? Basically we have lot's of question to put together a draft for submitting - what uses/models do you need? Also what about .coms what are your needs? What levels of security types do we expect for what streams - especially in a multicast environment - what are the differences of CAS and Akenti There are .coms (placeware) that are providing commercial netmeeting like companies manage security PKI - is about the public key - the private keys are the hard issue - how do we protect that I this group wanted to do a survey - are we looking for needs or are we trying to discover possibilities? Is there a need for independent auditing groups? With companies and defence agencies this is useful in academic environments it seems that auditing is usually only done after some form of break in has been discovered.