GGF Site Authentication, Authorization and Accounting Research Group

Group name: Site requirements for Grid Identity & AAA
Chairs: Dane Skow, Shawn Mullen
Secretary/Document Editor: Bob Cowles
Mailing list: security-wg@gridforum.org
Web Site: http://www.ppdg.net/site-aa/GGF-SiteAAA-RG/

Purpose: The purpose of this research group is to collect and codify
 the requirements of existing grid resource sites with respect
 to the acceptance of grid credentials for access to their services.
 Where those requirements are non-uniform, or even mutually exclusive,
 the group will strive to recommend hooks which grid toolkits or
 applications should provide for the sites to insert their own
 implementations of their requirements.

 Examples of large site requirements may include the following
   Feature requirements: Control points, Initiator identification,
      Uniqueness of identities;
   Operational requirements: strength and robustness,
      interoperability, scalable sitewide authorization controls.

The output of this research group will be an informational or community
practices GGF document which grid application and library coders can use
as a reference guide, and suggestions for future development work in GGF
working groups.

Milestone:
        October 1, 2002         Populate website with links to existing
                                requirements efforts/documents.
        October 15,2002 (GGF6)  Draft outline of requirements document
                                determine section editors
        Feb 1, 2003             Circulate Full draft of requirements document
        March, 2003 (GGF7)      Put Requirements document up for review
        June, 2003 (GGF8)       Finalize

Document with resolution of all comments from RG "last call" is available. Barring immediate objection, it will be submitted to the GGF Editor on Monday, Feb 2, 2004.

Document has now entered RG "last call" to complete by January 19, 2004. All comments and issues should be sent to sa3-rg@ggf.org as soon as possible.

Current agenda for GGF8 has one meeting slot. We will use this to discuss points in need of resolution from our online walkthrough of the current draft. We are approximately 3 months behind the original milestone schedule, but holding to that since GGF8.

There are a number of efforts going on within particular communities to identify and address security requirements. The list below is intended to link to those of which we are aware. Additions/corrections to this list are solicited.

• The European Data Grid (EDG) has several documents on Security considerations.
  • Security Requirements
  • Resource Management Requirements
• The Particle Physics Data Grid (PPDG) has drafts in progress of requirements and issues regards Authentication and Authorization. Auditing (or Accounting), as the third "A", has not yet been engaged.
• The Internet2 Organization has a Security Working Group working on Security requirements for their operations.

The BOF at GGF5 was encouraging formation of this group with a charter to include sites generally, without the "large" qualifier. Minutes were reported to the mailing list.

We scheduled meetings at GGF6 to carry on this work. The GGF6 agenda reflects the discussion on the security-wg@gridforum.org mailing list.

The agenda for GGF7 had one meeting slot used to walk through the Accounting section. Commitment made to create single document draft before next meeting in June.

Page last updated: 20 June 2003