OGSA Telecon, 5 October 2006

Attendees
---------------
	Mark Morgan
	Duane Merrill
	Hiro Kishimoto
	Donal Fellows
	Jem Treadwell
	Dave Snelling
	Abdelsem Djaoui
	Chris Jordon
	Alan Sill
	Takuya Mori
	Andreas Savva

* Telecon Minutes Approval (28 Spet. 06)
	- Approved, no comment

* New Action Items

  AI-1005a: Alan Sill to have draft Charter ready before next
	    security telecon (Dave to help and only as stand in for
	    new area director).

  AI-1005b: People to send Dave Snelling more information, ideas for
	    more security calls to complete coverage

* Action Item Review
	- AI-0925a, Hiro to set up WIKI page
		-- Done
	- AI-0925b
		-- Jem has worked on quite a bit.  Expects to be done by Monday.
	- AI-0921i
		-- On todays Agenda, so close
	- AI-0915b and c
		-- To be resolved on next to next Monday, keep open
	- AI-0915f
		-- On Monday, agreed to have meeting room at IBM facility, still waiting on hotel information.

* Agenda Bashing

* Review Security Actions

* What is the best low hanging fruit to attack
	- Authentication?
	- Do we want to narrowly profile SAML for point to point authorization?
		-- Next step to be delegation
	- What use cases should we consider?
	- What other profiles for authentication should we look at?
		-- SAML?
		-- X509 Varient in which we conote identify with regards to WS-Naming (EPI)
		-- Federation of identity
			--- There are people solving this problem and we shouldn't re-invent
			--- SAML
	- What in the OGSA use case space.  If you plan to federate identity.
	- If your site has user name password, how do you federate that
	- One of the nice things about SAML is that you can have assertions that consolodate authentication domains.
		-- You may not have to have an X509 for that username/password
	- Equally important is authenticating the service to the user.
	- Need Auth Working group.
	- Shibolith
		-- You still need a source of identity (X509, or something)
	- Auth Schemes
		-- X509
		-- Kerberos
		-- Member Integrated Credential Service
			--- AD, LDAP, etc.
	- WS-Trust falls short of the mark
	- Seems optimistic to say that Shibolith does Auth, but it's being looked into seriously.
* BoF
	- Need to start preparation for a BoF
	- Alan Sill willing to take responsibility for pushing the process for getting a charter ready
	- AI-1005a: Alan Sill to have draft Charter ready before next security telecon (Dave to help and only as stand in for new area director).
	- Do we need more covereage if we have an active authorization and authentication working groups
		-- No, we need more covereage
		-- AI-1005b:  People to send Dave Snelling more information, ideas for more security calls to complete coverage
			--- Two weeks from today is the next security call.
* Next Output	
	- Charter for Authentication working group

* Security Profile Update
	- No progress for todays call
	- Need to check status of WS-I documents
	- Secure Channel Profile on next telecon

* Agenda for next security
	- Review Actions
	- Review status of BoF (charter)
	- Review status of secure channel profile