website: http://calder.ncsa.uiuc.edu/ACE-grid
elist: ace-grid@gridforum.org

ACE-Grid Research/Working Group
GGF4: ACE Research Group Update
February 17-19 2002
Jason Leigh, Michael Papka, Rick Stevens, Tom Coffin
Meeting notes:
Attendees:
Jason Leigh		spiff@evl.uic.edu
Tom Coffin		tcoffin@ncsa.uiuc.edu
Von Welch		welch@mcs.anl.gov
Derek Simmel		dsimmel@psc.edu
Deb Agarwal		daagarwal@lbl.gov
John Brooke		j.m.brooke@man.ac.uk
John Hicks		jhicks@iu.edu
Kazuyuki Shudo		shudo@ni.aist.go.jp
Toshio Hirayama		hirayamt@koma.jaeri.go.jp
Anthony Milinowicz	amilinow@ncsus.jnj.com
Alasdair Earl		aearl@ed.ac.uk
Mary Fran Yafchak	maryfran@sura.org
Rob Simmonds		simmonds@cpsc.ucalgary.ca
Todd Brouck?????
Sami Sarhan		sarhan@cs.fsu.edu
Brian Corrie		brian.corrie@newmic.com
Mathias Moller		Mueller@hlrs.de
Cees de Laat		delaat@science.uva.nl
Kevin Harris		Kevin.harris@compaq.com
Markus Lorch 		mlorch@vt.edu
Pat Moore		pcmoore@sandia.gov
Jimmy Scott		jcs@sgi.com
Yuri Demchenko		demch@terena.nl
Mary Thompson		mrthompson@lbl.gov
Bob Olson		olson@mcs.anl.gov


Agenda:
Monday Feb 18, 2002, 10:30-12:00 - Conf Room E
-	Introduction of Goals of ACE for newcomers, and recap 
	of previous ACE meeting (10 mins, Jason Leigh).
-	Short presentations on security for ACEs (10-15mins each).
-	Security Requirements for the AccessGrid (Bob Olson- Argonne National Lab)
-	Community Authorization Service (Von Welch- Argonne National Lab)
-	Securing Collaborative Communication (Deb Agarwal- Lawrence Berkeley National Lab)
Tuesday Feb 19, 2002, 10:30-12:00 - Conf Room E
-	Draft a Grid Working Document summarizing Grid security 
	requirements of ACEs based on ACE community feedback. 
	Document should include action items to followup.
-	Discussion of holding every other ACE meeting over AccessGrid.
-	Brief introduction to  the TeraGrid and how it impacts ACEs (Bob Olson).
 

Advanced Collaborative Environments Research Group complements other 
Grid Working Groups by providing human-centered techniques and technologies 
for facilitating interactive, collaborative, and immersive access of Grid 
resources from any where and at any time. 
ACE RG is the first GGF group to hold a GGF meeting over AccessGrid (for GGF3). 
Meeting included participants from US, UK, Amsterdam, Germany. (feedback?)
Current focus is on defining Grid services needed by ACEs. First target is 
specifying group security requirements of Grid ACEs. Goal is a citeable Grid 
Forum Document that is authored by members of the ACE research community.
AccessGrid Retreat - San Diego
Registration deadline Feb 25
Meeting: Mar 4-5



Security Requirements for the AccessGrid (Bob Olson- Argonne National Lab)

Current AG security works on a use of acl operating system permissions - 
but we are planning to look more at Globus security mechanisms

Have deferred problem of group authentification on ACCESSGRID until we can 
handle individual authentification so the idea is to implement security based 
on the physical hardware involved in the "room"

Tuesday we will draft a list of requirements for the security group tomorrow

Community Authorization Service (Von Welch- Argonne National Lab

Unrestricted proxies
Restricted proxies
Authorization for virtual communities - no central data base problem is 
this can be very unscalable.
Expressiveness in permissions (flexibility)
CAS - Community Authorization Service
Communities as one big user
Provides a central data base server

The idea is that you bring the CAS servers down to the point so that there 
is one administrator that knows what's going on for that community

Notion: the body who authorizes the user is in the end accountable - so this 
gives a sizable size of how large the groups can be - this thinking is based 
on billing needs for computing time.

Is there a survey for use models? Guidelines about contextual relationships - 
who has to pay in the end? Guidelines for building these communities


RfC's - there are 3 or 4 basic models CAS being one of them

Software release of CAS is coming out shortly - the use s to date has been in 
demonstrations only - with this public release the prime use will be grid-ftp - 
that is the initial release.

Securing Collaborative Communication (Deb Agarwal- Lawrence Berkeley National Lab)
(See pdf file)
Basic collaborative factors:
Participants are occasional and from a divers set of organizations
Not a single environment - composed of many software components.
Accessing and dynamically changing permissions to show people things while you 
are in a collaborative meeting.
Single sign on
Akenti is another authorization program like CAS
Secure Group Layer - anybody can join and leave the group dynamically and keep 
strong security goals
Cross domain authentification is needed
Best practices documents - what can we do today - what requirements did we not 
address?
The CAS the Akenti the GSI - which do we use when?
Missing items: dynamic authorizatiuon
How do we build trust?


General discussions:
I do tele-immersive environments - what is the template for security that I 
can plug in?

Basically we have lot's of question to put together a draft for submitting - 
what uses/models do you need? Also what about .coms what are your needs?

What levels of security types do we expect for what streams - especially in a 
multicast environment - what are the differences of CAS and Akenti

There are .coms (placeware) that are providing commercial netmeeting like 
companies manage security

PKI - is about the public key - the private keys are the hard issue - how do 
we protect that

I this group wanted to do a survey  - are we looking for needs or are we 
trying to discover possibilities? 

Is there a need for independent auditing groups? With companies and defence 
agencies this is useful in academic environments it seems that auditing is 
usually only done after some form of break in has been discovered.