Agenda for GWS-WG sessions 1 & 2, Monday 14th May 2006


  • SSO security
    • Issues with TLS (listed in methods document)
    • Issues with digital signature (listed in methods document)
    • Issues with certificate chains (listed in methods document)
    • Any other changes to methods document before v1.0 WD?
    • Log-in/community services
    • Registering secures services
    • Delegation: details of delegation service interface
    • Arrangements for interop tests
  • Universal worker service
    • New spec: 4 possible application contracts
    • Which contract(s) shall we develop?
  • Experiences with grid
  • Experiences with CEA
  • VO Support Interfaces
    • Where are the implementations?
    • Log harvesting - VOSpace or not?
    • Any changes needed before v1.0 WD?



  • SSO methods document -> v1.0 WD
  • Plan SSO interop tests and assign volunteers
  • VOSI document -> v1.0 WD, OR
  • Define improvements to VOSI needed for v1.0 WD
  • Plan VOSI interop tests and assign volunteers
  • Decide which UWS contract(s) to implement


Notes from the sessions


  • NVO's prototype UAS was demonstrated.
  • NVO prototype operates a "weak" CA - only valid e-mail required to register.
  • Strong validation of registrations is being investigated. This may add extra elements to the SSO profile.
  • The pubcookie system is used to maintain SSO between web portals. This mechanism may become part of the SSO profile.
  • The UAS/community log-in process uses MyProxy and doesn't specifically need a web-browser. Use of MyProxy (as opposed to WS-Trust) was reaffirmed for the v1.0 standard.
  • AstroGrid's prototype was demonstrated: community login + digital-signature of request to a service.
  • There is an open issue of what names for users are presented to services. Currently only X.500 from certificates. Is this enough? Do we need to correlate different X.500 DNs for the same scientist?
  • Authenticate-methods spec. got four clarifictions and can now go to v1.0WD immediately.
    • Decision: services using TLS are expected to support RFC3820 proxy-certificates. This may rule out regular TLS implemenations.
    • Decision: no IETF extensions to TLS (other than RFC3820) need be supported.
    • Decision: doesn't matter which version of WS-Security is used, support them both (later resarch showed that it the wire protocol is the same for both versions if only digital signature is used).
    • Decision: certificate-chain checking must respect limits on chain length stated inside certificates.
  • Volunteers for SSO interop-trials:

Agenda for GWS-WG sessions 3 & 4, Friday 18th May 2006


  • VOSpace
    • Reprise: what happened to VOStore?
    • Finalize the operation names
    • Finalize the identifier scheme
    • Finalize the operation semantics
    • WSDL: how to represent different kinds/levels of service?
    • Road-map: features held over to later versions of VOSpace

  • Objectives
    • V1.0 WD of spec.
    • Plan for interop. tests

  • : Ray Plante's presentation
Topic attachments
I AttachmentSorted ascending Action Size Date Who Comment
PDFpdf IVOAMay06Security.pdf manage 1839.8 K 2006-05-15 - 18:36 RayPlante Ray Plante's presentation
Edit | Attach | Print version | History: r12 | r9 < r8 < r7 < r6 | Backlinks | Raw View | Raw edit | More topic actions...
Topic revision: r7 - 2006-05-18 - GuyRixon
This site is powered by the TWiki collaboration platformCopyright © 2008-2020 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback