OGSA Teleconference March 01, 2004 ================================== * Participants Bill Horn (IBM) Fred Maciel (Hitachi) Takuya Mori (NEC) Jem Treadwell (HP) Andreas Savva (Fujitsu) Frank Siebenlist (ANL) Latha Srinivasan (HP) Ravi Subramaniam (Intel) Jeffrin VON-REICH (HP) Apologies: David Snelling, Andrew Grimshaw * Summary of Actions: Action: Hiro to update GGF10 schedule and discuss on Thursday's call. Action: Frank to come up with working definition of these two concepts (participation, membership) and discuss at a later time. Action: Takuya to make policy description more concrete since 'policy' is overloaded term. Action: Takuya/Frank to define 'participation' more precisely Action: Jeffrin to prepare 5-6 slides as summary (by the weekend before GGF) and Hiro will do the presentation at GGF10. Action: Jem to upload glossary by end of this week. * Early Discussion ** Approved February 23, 26 minutes. ** GGF10 update - Ian Foster cannot attend (See email on OGSA-WG ML) - Jeff Nick will attend. Hiro is arranging for Jeff to give a presentation. - The (group) deadline for putting text in ogsa document before GGF10 is the end of this week. Action: Hiro to update GGF10 schedule and discuss on Thursday's call. * Security discussion - Takuya updated January OGSA F2F slides. - Ref: http://www-unix.gridforum.org/mail_archive/ogsa-wg/2004/03/msg00003.html - (The service description document is not updated yet.) - Frank is contacting OGSA-Authz WG to present these slides at GGF10. - The presentation is in two parts: - 1. Overview material that probably fits into Chapter 4 of OGSA document. - 2. Service outline, which when fleshed out go into Chapter 6. - There is still some ambiguity in the definitions. - Hiro is interested in the gap between WS and Grid. E.g., does the VO definition bridges this gap? - Frank: Services may be just generic web services; discuss terms such as contract and decide if they are appropriate. ** Contract definition (p2) - Set of terms agreed by VO members (to become VO members) - E.g., who can use what and by how much - Initial VO member: A person that forms new VO (personally or on behalf of an organization) - "Contract is human readable document" - Why restrict contracts to be only human readable? For example allowing machine form (e.g., WS-Agreement) would address automated mechanisms to negotiating services joining the VO. Also Frank would expect that some VOs would be formed dynamically on demand. - Difficult to formulate in general and doubts that richness of human negotiation can be captured in machine form for all contract negotiations. Conclusion: Modify text so that it does not exclude machine representations. Allow them, but also state that it may be difficult to do so for all contracts. - Different types of contracts - Possible scenario to do pre-negotation between humans and after the high level agreement (human contract) is reached then an automated process can also be supported. E.g., a high level contract between a univesity and super conmputing center then allows for simpler more specific contracts between members of the organizations. The simpler contracts can be automated. Conclusion: There are different types of contracts. High level contracts are reached between humans. These contracts then can be used to allow for simpler automated contract formation. - This presentation uses "contract" to mean "high level contract" - In later slides the relationship between contract and policy and then mechanism between contract and policy is also discussed. - Difference between contract and policy? - Policy enforces agreed content of contract - Isn't the automated contract going to be just a set of policy statements? - Result of a contract is a set of policy statements that can be used to enforce contract. - Establishement of high level contract itself may be too ambiguous to automate. - As another example, both levels of contracts may talk about maximum allowed time; but these times may be derived differently (automated or not) and may address different time granularities. (E.g., High level contract may be in terms of months or years, low level may be in terms of hours or days.) - Can contract change after VO creation? - Yes. It is possible but not addressed in the presentation. ** What is contract (p3) - Contract is specific to the VO - Agreed that higher level contract definition is out of scope for OGSA - Higher terms and conditions should be translated into a policy language that can express time of usage, quantities, etc. - These terms and conditions will then have to be enforced within a VO (by some OGSA service). - Therefore OGSA will have to define what those statements are. (At the example or requirement level perhaps. E.g., resources are available 9-5.) - And then feed back into related groups, e.g., WS-Agreement or Authorization WG, or newly formed Authority Recognition Research Group, etc. - Participation vs membership - Are these different concepts or not? - Maybe have no choice for membership (registered by some other authority) - Participation out of own choice - Seems more like different shades of membership rather than separate concepts. - Comes down to how the membership was established and what privileges/obligations are associated with membership/participation. - Might be a distinction that should be made. Action: Frank to come up with working definition of these two concepts (participation, membership) and discuss at a later time. ** Relationship of policy and contract (p4) - Policy statements are an implementation of contract - Policy statements are machine readable, e.g., authorization policy Action: Takuya to make policy description more concrete since 'policy' is overloaded term. ** Participation (p5) Action: Takuya/Frank to define 'participation' more precisely ** Basic configuration (p6) - Note that terminology differs from that used in the last OGSA F2F. - Authentication is different from Identity Federation (that was on the F2F slides) - Frank: Identity federation is just an attribute service. - Authentication service may be something like a kerberos service - Primitive service; might also establish the secure context for a conversation. - might support more than one specific mechanism - VO Mgmt included VO policy in F2F slides - There is also another policy service (= authorization policy service in F2F slides): Still unclear. - Text box next to VO mgmt: "User and Resource memberships are stored" - membership vs participations (see earlier discussion) ** Policy service (p9) - It is an Authorization Policy Service - Frank: This a Policy DB or Registry or Repository service. It does not make decisions on its own; it provides policies to other services to make decisions. ** Authorization service (p10) - It is an Authorization Decision Service. ** Actions (p11) - Trying to arrange for a slot in one of the OGSA-AuthZ sessions at GGF10 to give this presentation. - Do not need a slot in an OGSA session. - Will report back to the OGSA group on progress. - (This is an example of how the OGSA group should work; do some work internally and then take it out to other related groups.) * Use case - Updates: - Hiro, Jem and Jeffrin finished their technical reviews. - Dave sent revised (still partly incomplete) reality grid use case. - Plan to submission - Jeffrin will do technical review of remaining UCs. - Jeffrin will produce and send out a document with all reviewed use cases by the middle of this week (Wed. latest). The document type will be changed to Informational. - Jeffrin will arrange for english review of the technically reviewed document internally (HP). - Final (short) review on list. - Talk about major unresolved points, if any, on Thursday's call. - Submit to GGF and GGF Editor after that. (End of this week.) - Incomplete use cases (including Reality Grid) - Jeffrin will split off the incomplete UCs into a different document. These are just as valid as the reviewed ones but simply are not in the right format or are incomplete at this time. (The plan is to brush them up and submit at a later point in time.) - If finished by **Wednesday evening US Mountain time** then will add to the UC document. - Please review recently submitted ones and say whether they should be included or not. - GGF10 planning - Jeffrin won't be attending GGF10 - There is no UC session but Hiro would like to have a short presentation explaining what was achieved. Action: Jeffrin to prepare 5-6 slides as summary (by the weekend before GGF) and Hiro will do the presentation at GGF10. * Glossary - Jem added some CMM term definitions and did a general tidy up. - Send new definitions as soon as possible. Action: Jem to upload glossary by end of this week. * Utility Computing WG (DMTF) - Jeffrin is active in this WG. - Noticed possibility of overlap with OGSA. This group also talks about architecture (but they note OGSA and GGF work). Their charter seems close to OGSA. - Jeffrin will give them a talk about OGSA after GGF. - Looking into possibilities to interact. E.g., One of the Utility Computing WG co-chairs has attended OGSA-WG teleconfs (Tom Maguire) while the other just joined OGSA WG on Gridforge - More general issue of looking into ways of interacting not just as OGSA-WG but also as GGF (possibility of more formal liaison mechanism to be established by GGF). - Jeffrin will be OGSA liaison (for now) with Utility Computing WG. - More OGSA people are urged to join the Utility Computing WG.