Attendees: Markus Lorch, Andrew McNab, Mary Thompson, Rich Baker, Dane Skow, Jim Basney, Bob Cowles

Call minutes:

The call focused on the framework document. The outline that Markus sent in the minutes for section 4 was discussed. An updated outline, with volunteers for some sections, agreed upon in the call, is included below. The volunteers agreed to have their drafts ready for the teleconference next week (same time as this call).

The requirements document was also briefly discussed. The consensus was to merge the requirements document into the framework document.

Markus reviewed his discussion with David regarding the agent model. The crux of the issue is whether the enforcement point must be application-dependent. Markus gave examples of application-independent enforcement points (operating systems and sandboxes) for support of legacy applications. Markus and David will continue the discussion in search of consensus.

Overview of Framework document:

Scope of the Document
- to specify a conceptual grid authorization framework
- to classify existing and proposed authorization mechanisms with regard to this framework

This framework is intended as the basis for future API design and standardization work.

What we have:
- Intro to authorization topic (section 2)
- idea about the overall authorization architecture (section 3) - overview diagram that Krishna made and Markus forwarded to the list
- enumeration and start at classification of existing mechanisms etc (section 5)

What we need to focus on:
3.1 AuthZ Model
- Entities participating in authZ
3.2 AuthZ Protocols and format
- Information exchanged between them
3.3 AuthZ Flow and hierarchy diagrams
- take Krishna's overall diagram
- take more detailed model diagrams from David and Markus
--> then shake, don't stir and voila

Markus will work on section 3 this week.

4.1 Trust Management (Mary)
- definition of trust relationships
- definition of authorities (sources of attributes, policies)
- based on risk management principles
4.2 Privilege Management (Dane)
- attribute authorities / tools for issuing + delegation
- attribute repositories
4.3 Policy Management (more static than context, written in documents) (Mary)
- policy authorities
- policy repositories
4.4 Context (per session, constantly changing) (Andrew)
- e.g. Time
- Channel Transport
- Message formats
- authentication credentials/quality
- Secure Channel vs. per Message Protection
4.5 Authorization Server
4.6 Enforcement Mechanisms
- Application Dependent
- Application Independent

Other documents
in the framework doc

/public/users/mlorch/Grid-AuthZ/Telecon Minutes 2003-05-20
Last modified 6/24/03 12:51 PM by mlorch