Minutes of OGSA Authz Telcon 16 Oct. 06

Present:
Blair Dillaway
Von Welch
Yuri Demchenko
Frank Siebenlist
Takuya Mori
David Chadwick
Alan Sill

The CVS Requirements document has been updated with 3 additional requirements 
agreed at the previous meeting. There were no additional comments on this.

The revised Charter. Action on David. Ping the Steering Group and Area Directors 
about the revised charter. Nothing has been heard from them for a month.

Functional Components. It would be good if we could cover both permissions and 
attributes in our work, because at one level they are just meaningless strings that are 
handled by the CVS and PDP, but if we do, we need to clearly describe the differences 
and similarities between them. The primary focus of our work must be attributes but if we 
can cover both it would be excellent. If we do cover both, Blair said there may be an 
issue at the protocol encoding level, since we may not be able to use the same protocol 
for both attributes and permissions e.g. can SAML attribute assertions carry permissions 
as well, or will a different protocol be needed e.g. SAML authz statement. 
Action. David to update the document to include a discussion of these points.

VOMS Profile. VOMS may need to indicate a primary attribute and secondary attributes 
for some access control systems such as unix that have the concept of a primary group. 
However, the telecon felt strongly that the meaning of the primary type must be carried in 
the protocol explicitly, e.g. as a defined attribute type, and it cannot be implicitly carried 
in the sequence of the attributes. Blair noted that any implementation that requires 
ordering to signal semantics is fragile, especially when multiple AAs become involved, 
and each have their own default special implied semantics for the order of attributes. This will break since the implied semantics are bound to get lost or be different. Frank said that the semantics of the primary attribute are not really fully thought through anyway, and he 
suggested that David Groep and Valerio Venturi be invited to the next teleconference to 
explain the VOMS requirements more clearly.

Date of Next Meeting. Wednesday 8 November 2006. I believe the time will be winter 
season by then i.e.      
  7:00 US West Coast   
 10:00 US East Coast   
 15:00 UK
 16:00 Europe
  0:00 Japan