OGSA Naming Teleconference - 1 November 2004 ============================================= * Participants Ravi Subramaniam (Intel) Frank Siebenlist (ANL) Andreas Savva (Fujitsu) Takuya Mori (NEC/ANL) Mark Morgan (UVa) Hiro Kishimoto (Fujitsu) Bill Horn (IBM) Andrew Grimshaw (UVa) Mike Behrens (R2AD, LLC) Minutes: Andreas Savva * Review of "Naming in Distributed Systems" - Dated Oct 5 https://forge.gridforum.org/projects/ogsa-wg/document/ogsa-naming/en/3 - Andrew added sections on - Motivation: These are the standard transparencies - Use cases - Slant is towards transparency issues - Andrew thinking of adding use cases for identity & security - An example that came up at an earlier call was how to select a 'resource' at a specific location, e.g., a specific conference room. Might be worth adding as a use case (or non-use case) that can be supported using facilites that exist at a higher level than the ones described here (naming location transparency). - Use case names do not make clear the distinction between the four use cases listed. - E.g. migrate from failing resource (planned migration, done transparently) vs - Recover from failure (unplanned migration) - Andrew to make use cases titles more distinctive, possibly merging ones which are not distinct enough. - Reviewed properties - Unique: make clearer that 'name' is 'abstract name' - Identity: if name is unique is it an identifier? Need assertion by some other entity. (Possibly implicit) - Authentication: do not have a guarantee that the 'holder' (of the name) is the correct entity. - Comparable: related to 'unique' above - many to one "abstract name" to resource possible - (same resource / defined already) - Performance: - It is resolution performance of abstract names to addresses - Does it refer to absolute time? - It is 'application dependent' but need to be able to get good performance - Caching can help - Language neutral: not dependent on a specific programming language - Andrew to also add i18n requirment. - Started an initial attempt (incomplete) to prioritize/sort properties into classes... - Tier 1 (Most important) - Uniqueness - Sameness - Identity - Authentication - Large name space -... - Second tier - Widely adopted - Not require trust -... - Got sidetracked into a discussion of whether the "Naming & identity connection is inherent or not." - If connection is not inherent (as implied in the document) then there is another outside mechanism to associate 'name' with 'identity.' - With different environments having different 'implicit' assumptions on how secure resolution is. E.g., trust implicitly infrastructure services to give right answers. - But should call these assumptions out even if they are meant to be implicit. - There are also different levels of trust; e.g., trust resolution vs cryptographic identity guarantees - Connection between name & identity becomes heavy-weight only when requiring strong guarantees. - Not just strong guarantee aspect but also that these are separate concepts and should be treated separately. - Also different namespaces or schemes (e.g., local or global) might provide different guarantees. - Identity here does not mean cryptographically strong identity (e.g., not a certificate) - (Identity as a unique (single) 'string'; many 'names' that can point to it; and there is an additional mechanism to bind them.) - Another issue is how identity assignment is done. - Is it done outside the named entity by some other authority or is it done by the entity itself. - (Two different models: pgp & ca based approaches) - Is identity represented by a unique tag or some information that is bound together (by some authority)? [ - Global namespace is union of local namespaces: a local name can be made global by, for example, appending the local name to a unique global prefixes. - Local and global name schemes definitions - Take a global name scheme (e.g., x509) and compare with other ones, e.g., on heavyweightness. - Frank sent out a pointer to the list: http://www-unix.gridforum.org/mail_archive/ogsa-wg/2004/11/msg00007.html ] - It became clear that 'unique,' 'name,' 'identity' are not used in the same way by all participants. Agreed that before proceeding further need to refine and make sure that there is a shared definition. - Frank: Maybe a good idea to go through a few examples and point what each concept means. Action: Andrew to do first draft of what 'unique,' 'name,' 'identity' mean and discuss these again. - Also using examples like Frank suggested. - Frank to help. * V1 comment review - Comment that Glossary and V1 are inconsistent. - Decided to replace statement in V1 "The abstract name may not be globally unique" by "uniqueness is under discussion" - And also revise the glossary accordingly. - Also remove the word 'unique' from the 'Name' definition in the glossary.