OGSA F2F Interim Meeting 17 - Day 2
===================================

March 16, afternoon

General session

* Participants
  Dave Snelling
  Chris Kantarjiev
  Jay Unger
  Ellen Stokes
  Allen Luniewski
  Fred Maciel
  Michel Drescher
  Steve McGough
  Donal Fellows
  Hiro Kishimoto
  Mark Morgan
  Andrew Grimshaw
  Frank Siebenlist
  Andreas Savva

  Dial in: Duane Merrill

  Minutes: Andreas Savva

* General discussion

** Document Schedule review
   - Schedule updates made to powerpoint slides by Hiro
   - Discussion on using wiki for document development in the context
     of the "Information Modeling in OGSA" document.
     - Need to define guidelines for use and relation to document
       publication.

** Interoperability
   Hiro drew up table with specs vs groups willing to take part in an
   interoperability.
   - Identified who leads the creation of the test cases for each
     specification

* OGSA Security - Authentication

  Additional Dial in: Fred Brisard, Nate Klingenstein

  Minutes: Dave Snelling, Andreas Savva

  Andrew's presentation

  1) Objectives (from Andrew's slides):
     - A simple profile, a la the HPC profile security section, to
       enable authenticated interaction between OGSA components
     - Based on existing profiles
     - Not compete with OGSA-AuthN-WG
     - Work with existing authentication environments (GIN)
     - Don't recklessly alienate anyone
     - Don't deal with general delegation problem
     - AuthZ out of scope

  2) Recap of how we got here:
     - HPC profile demo at SC highlighted that we are now at a stage
       where it makes sense to do OGSA service interop
     - Can't do interop for real without dealing with authN
     - Discussion amongst Grimshaw, Snelling, McQuire, and other
       un-indicted co-conspirators on need to keep it light-weight and
       non-controversial
     - OGSA Teleconfs on scope of OGSA-AuthN-WG
     - Strawman generated by Genesis II group
     - On-line discussion -- surprisingly (to me), no flaming
       - Frank and Blair commented

  3) See email from Dwaine and discussion document.

  4) Key Questions
     Do we do this?
     - Why isn't OGSA Secure Channel?
       - Was too strict for HPC Profile.
       - It gives us communication, but we need to pass some other
         token on to the next entity.
       - Mapping credentials work in all existing grid environment.
       - This proposal is not exclusive of Secure Channel, could be
         advertised in EPRs.
     - Question called - By Dave Snelling.
       - Confirmed that we don't do delegation.
       - This might not provide details of the semantics, but would
         provide wire interoperability.
       - Consider mandating several fields in a SAML token as part of
         the profile.
       - Need use cases more clearly defined.
       - We need to continue to sync with AuthN.
       - Rough (but not unanimous) consensus achieved to proceed.

  5) Next Steps
     - Agreed to start work on such a 'quick' Authentication profile
     - Develop use cases:
       - Volunteers or people to contact: Andrew et al, HPC Profile
         (Andrew to talk to them), Frank (review), Michel Drescher
         (Unicore), (Steve McGough) GridSam,
       - Not a separate document
     - Contact GIN about existing (delegation free) use cases.
       (Andrew to contact Erwin Laurie)
     - Present Straw man to the OGSA Group. (before OGF20)
     - Target interop at OGF21
     - Publication by Jan 2008
     - Party at OGF2x

  6) Document Schedule
     - Draft by May 1
     - PC Oct 2007
     - Published Jan 2008

  7) Random comments:
     - Use WS-Sec plus WS-Trust as the basis of this profile.
     - AuthN is more interested in the contents of the Token, so OGSA
       can do this without disrupting AuthN use.
     - Use the EPR to advertise the requirements.
     - We would need to define the semantics of any token we send,
       even in this simple profile, but this may rat hole the
       discussion.