Authorization Interoperability.

A collaboration between EGEE, the OSG VO Services project, Globus, and Condor

Goal of the Authorization Interoperability activity is providing interoperability between middleware and authorization infrastructures. This is achieved by agreeing on and implementing an authorization protocol common to OSG VO services, EGEE, Globus, and Condor.

This protocol is used by Policy Enforcement Points (PEP), i.e. resource gateways, to interact with Policy Decision Points (PDP), i.e. repository of authorization policies. For each access request, the PDP informs the PEP on whether access is granted or denied and, what obligations need to be enforced if access if granted. Obligations are used as a mechanism to restrict privileges at Grid resources.

This work was started in Oct 2006 as a collaborative effort between the OSG VO Services Project, EGEE, Globus, and Condor.

Software

  • OpenSAML2.0 Extension Library to Support SAML2.0 profile of XACML2.0
    http://opensaml.org
  • C Support for SAML 2.0 Profile for XACML
    http://www-unix.mcs.anl.gov/~bester/xacml/
  • OLD

  • GT Java XACML Authorization library documentation
    http://www-unix.mcs.anl.gov/~ranantha/xacmlPDP/
  • OpenSAML2.0 Extension Library to Support SAML2.0 profile of XACML2.0
    http://www.bccs.uib.no/~hakont/SAMLXACMLExtension/
  • Documents and Presentations

    (see also VO Services documents)

  • The AuthZ Interop group collaboration, "An XACML Attribute and Obligation Profile for Authorization Interoperability in Grids":
    Extended version (Aug 2011)
  • .doc: http://www.fnal.gov/docs/products/voprivilege/focus/AuthZInterop/documents/AuthZInterop XACML Profile v1.2.doc
  • .pdf: http://www.fnal.gov/docs/products/voprivilege/focus/AuthZInterop/documents/AuthZInterop XACML Profile v1.2.pdf
  • Also available in the FNAL doc db (2952) and CERN EDMS (929867).
  • Original version (Oct 2008)
  • .doc: http://www.fnal.gov/docs/products/voprivilege/focus/AuthZInterop/documents/AuthZInterop XACML Profile v1.1.doc
  • .pdf: http://www.fnal.gov/docs/products/voprivilege/focus/AuthZInterop/documents/AuthZInterop XACML Profile v1.1.pdf
  • Also available in the FNAL doc db (2952v2) and CERN EDMS (929867).
  • Gabriele Garzoglio et al., "Definition and Implementation of a SAML-XACML Profile for Authorization Interoperability across Grid Middleware in OSG and EGEE", Published in the Journal of Grid Computing, Vol. 7, Issue 3 (2009), Page 297, DOI 10.1007/s10723-009-9117-4 :
    - .doc: http://www.fnal.gov/docs/products/voprivilege/focus/AuthZInterop/documents/AuthZ-Interop-JoGC-Apr09.doc
    - .pdf: http://www.fnal.gov/docs/products/voprivilege/focus/AuthZInterop/documents/AuthZ-Interop-JoGC-Apr09.pdf
  • Gabriele Garzoglio, "Authorization Interoperability - Project Closure Report for the Fermilab Computing Division":
    - .doc: http://www.fnal.gov/docs/products/voprivilege/focus/AuthZInterop/documents/AuthZ-Interop-ProjectClosureReport-v1.2.doc
    - .pdf: http://www.fnal.gov/docs/products/voprivilege/focus/AuthZInterop/documents/AuthZ-Interop-ProjectClosureReport-v1.2.pdf
    Also available as Fermilab CD-doc-3238
  • Gabriele Garzoglio et al., "Adoption of a SAML-XACML Profile for Authorization Interoperability across Grid Middleware in OSG and EGEE", CHEP 2010, Taipei, Taiwan, Oct 2010
    Paper: http://www.fnal.gov/docs/products/voprivilege/focus/AuthZInterop/documents/AuthZ-Interop-CHEP2010-v1.2.pdf
    Slides: http://www.fnal.gov/docs/products/voprivilege/focus/AuthZInterop/documents/CHEP10-AuthZ-Interop-talk-v1.1.ppt
  • Ted Hesselroth, "An XACML profile and implementation for Authorization Interoperability between OSG and EGEE", GlobusWorld, Argonne, IL, Mar 2010
    Slides: http://www.fnal.gov/docs/products/voprivilege/focus/AuthZInterop/documents/GlobusWorld-AuthZ-Interop-talk-v1.2.ppt
  • Gabriele Garzoglio et al., "An XACML profile and implementation for Authorization Interoperability between OSG and EGEE", OGF 26, Chapel Hill, NC, May 2009
    Slides: http://www.fnal.gov/docs/products/voprivilege/focus/AuthZInterop/documents/OGF26-AuthZ-Interop-talk.ppt
  • Gabriele Garzoglio et al., "An XACML profile and implementation for Authorization Interoperability between OSG and EGEE", CHEP 09, Prague, CZ, Mar 2009
    G Garzoglio et al 2010 J. Phys.: Conf. Ser. 219 062014
    Paper: http://www.fnal.gov/docs/products/voprivilege/focus/AuthZInterop/documents/AuthZ-Interop-Chep09-Paper-v1.0.pdf
    Slides: http://indico.cern.ch/contributionDisplay.py?contribId=201&sessionId=62&confId=35523
  • Yuri Demchenko: Presentation to the 12th TERENA Task Force on European Middleware Coordination and Collaboration meeting (TF-EMC2) Dec 2008, Utrecht, the Netherlands
    XACML-Grid and XACML-NRP Attributes and Policy Profiles and Policy Obligations Handling
  • Oscar Koeroo, "SCAS technical: Site Central Authorization Service"
    http://indico.cern.ch/contributionDisplay.py?contribId=235&sessionId=95&confId=32220
  • Håkon Sagehaug, "XACML object provider Library: a Programming Guide"
    http://www.bccs.uib.no/~hakont/SAMLXACMLExtension/files/ProgrammingGuideSAML_XACML.pdf
  • Yuri Demchenko: Presentation to OGSA-AUTHZ WG, OGF 23, June 2008, Barcelona
    An XACML Attribute and Obligation Profile for Authorization Interoperability in Grids (XACML-Grid Profile)
  • Yuri Demchenko: Presentation to the Network Markup Language Working Group (NML-WG) OGF 23, June 2008, Barcelona
    Attributes used for Authorisation in Network Resource Provisioning (XACML-NRP Authorisation Interoperability Profile for NRP)
  • Frank Siebenlist, "Obligation-related snippets from the xacml-2 core specification."
    http://cd-docdb.fnal.gov/cgi-bin/ShowDocument?docid=2140
  • XACML specifications:
  • "eXtensible Access Control Markup Language (XACML) Version 2.0",
    OASIS Standard, 1 Feb 2005
    http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf
  • "SAML 2.0 profile of XACML v2.0.",
    OASIS Standard, 1 Feb 2005
    http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-saml-profile-spec-os.pdf
  • OLD

  • Yuri Demchenko, "DRAFT: XACML Obligations expression and handling in distributed Grid applications"
    http://cd-docdb.fnal.gov/cgi-bin/ShowDocument?docid=2372
  • Yuri Demchenko, "DRAFT: XACML policy examples using the interoperability profile: Pilot Job policy use cases"
    examples-pilot-job-policy.zip
  • Alberto Forti, "XACML engine policy configuration"
    http://cd-docdb.fnal.gov/cgi-bin/ShowDocument?docid=2374
  • Project Management

  • Latest WBS and Gnatt chart for the closure of the project (html|pdf)
  • Baseline WBS and Gnatt chart for the closure of the project (Sep 11, 08) (html|pdf)
  • WBS and Gnatt chart (Sep 16, 08) (html|pdf)
  • Testing and OSG Deployment Plan (doc)
  • Meetings

  • May 14, 2009
  • - BeStMan has problems of library compatibility with GT3
  • May 7, 2009
  • BeStMan has implemented the AuthZ Interop Interface.
  • Apr 16, 2009
  • Discussing deployment of dCache v1.9.2-4
  • Apr 9, 2009
  • - dCache v1.9.2-4: in VDT.
  • Apr 2, 2009
  • - dCache v1.9.2-4: certification tests successful.
  • Mar 26, 2009
  • - GridFTP development finished. Started testing.
    - dCache v1.9.2-4: preliminary tests successful.
  • Mar 19, 2009
  • - Tests of GridFTP call-out module will start next week
    - dCache v1.9.2-4 released 2 day ago. Tests will start this week
    - gLExec passed EGEE certification tests.
  • Mar 11, 2009
  • - gPlazma: working on a new dCache v1.9.2-x release. ITB is closing the testing cycle and will not be able to test this release.
  • Mar 5, 2009
  • - GridFTP call-out module under development
    - SCAS: Joe will provide support for external management of sockets, to mitigate the effect of the memory leak.
    - gPlazma: dCache v1.9.2-4 has problems. Working on a fix.
    - gLExec: fixed problem with monitor.
  • Feb 26, 2009
  • - SCAS: still asking for help from Globus for memory leak.
    - gPlazma: dCache v1.9.2-3 has the wrong gPlazma version. Releasing v1.9.2.-4 next week.
    - Prima: provided a fix to the errors reported by ITB
  • Feb 19, 2009
  • - gPlazma: dCache v1.9.2-3 released.
    - gLExec / Prima: working with ITB to correct reported errors
    - SCAS: still asking for help from Globus for memory leak, gSOAP upgrade, and direct access to code reposiroty.
  • Feb 12, 2009
  • - gPlazma: possible release of dCache v1.9.2-4 next week.
    - gLExec: Found problem with limited proxies. Provided and locally tested a fix.
    - SCAS: asking for more help from Globus for memory leak, gSOAP upgrade, and direct access to code reposiroty.
  • Feb 05, 2009
  • - gPlazma: released patch for gPlazma integration with space reservation service.
    - gLExec: VTB tests successful. Preparing ITB tests.
    - SCAS memory leak: solution from Globus mitigates the problem. Starting pre-production certification.
  • Jan 30, 2009
  • - Discussion with Mike Link and Rajkumar Kettimuthu on a Globus-native GridFTP authorization call-out module
  • Jan 29, 2009
  • - gPlazma: delays in dCache v1.9.2-2 release.
    - gLExec: Running VTB tests.
    - SCAS memory leak: Globus provided a solution, to be tested.
  • Jan 22, 2009
  • - gPlazma: working on memory leak for VOMS-API. Patching official dCache v1.9.2.
    - gLExec: builds on all platforms. Arranging for VTB tests.
    - SCAS memory leak identified: Joe Bester is looking for a solution.
    - GT 4.2: working with OSG and VDT to start up gridftp campaign.
  • Jan 15, 2009
  • - gLExec: main developer is leaving: adjusting team responsibility to cover. Problems in SL5 will be solved by release on Mon.
    - SCAS memory leak identified: need help from Globus.
    - VTB tests of Prima, GUMS, dCache pre-v1.9.2 successful.
  • Jan 8, 2009
  • - SCAS: progress on memory leak.
    - gLExec: no progress on problems in SL5.
    - dCache v1.9.2 planned to be reled next week.
  • Dec 18, 2008
  • - SCAS: memory leak found.
    - gLExec: new release has problems in SL5.
    - Progress on VTB tests of GUMS.
  • Dec 11, 2008
  • - Found bug in GT4.2 code when obligations are unknown
    - Found memory leak in VOMS libraries used by GUMS and Prima
    - gLExec: new release builds and passes tests.
    - VTB tests of GUMS started.
  • Dec 04, 2008
  • - Discussing limitation of our implementations.
    - gPlazma: Initial storage tests against GUMS and SCAS work.
    - gLExec: found problem in proxy validation module. Fixing it.
    - SCAS: Configurations are being certified.
  • Nov 20, 2008
  • - VDT will release candidate OSG v1.0 update on Dec 1. ITB testing in Dec. Production release on Jan 6.
    - gPlazma: we'll test a pre-release of v1.9.2 starting on Mon Nov 24.
    - GUMS: upgraded mysql and hybernate. Now available off test cache for testing.
    - PRIMA: some automated VDT tests have problems.
    - gLExec: does not build on SL3/32bits anymore. It seems that not all versions of dependent libs from ETICS were hardcoded. Oscar is investigating.
    - SCAS: code in "configuration" stage.
  • Nov 13, 2008
  • - gPlazma: merging authz functionalities on v1.9.2. Starting tests next week.
    - GUMS: VDT is packaging GUMS w/ old gLite libs. No time to fix memory leak for new libs.
    - PRIMA: tested PRIMA package from VDT. Minor issues to resolve.
    - gLExec: Oscar hardcoded dependencies of gLExec from ETICS. gLExec builds on 64bit for all platforms, except SL5.
    - SCAS: new code in the certification pipeline.
    - GT: discussing globus campaigns to integrate XACML with all the globus services.
  • Nov 06, 2008
  • - gPlazma: need to work on logs before official v1.9.2
    - GUMS: we can package GUMS w/ old gLite libs. Actively investigating memory leak.
    - PRIMA: packaging in progress
    - gLExec: working in ETICS to define gLExec depedencies, so that gLExec can build on 64bits platforms.
    - SCAS: need to integrate configuration check for URL.
    - GT: finalized plan for final development. Will allocate resources according to OSG deployments needs.
  • Oct 30, 2008
  • - gPlazma: discussed testing on ITB
    - GUMS: memory leak with new gLite libs. Trying a fix from Ted. - PRIMA: packaging in progress
    - gLExec: does not build on 64bits platforms. Gathering support to push Ethics to build the gLExec version that does.
    - GT: draft schedule of final development is available.
  • Oct 23, 2008
  • - gPlazma on target to be in candidate v1.9.2 release by Oct end.
    - GUMS / PRIMA: packaging in progress
    - GT: discussing when VDT communities want 4.2 to schedule final development.
    - Discussing VTB/ITB schedule.
  • Oct 16, 2008
  • - gPlazma vs. GUMS: OK
    - gPlazma vs. SCAS: 95% OK
    - Prima / gLExec / SCAS Client vs. GUMS: OK
    - Prima / gLExec / SCAS Client vs. SCAS: OK
    - GT client vs. GUMS: OK
    - GT client vs. SCAS: Out-of-scope
  • Oct 9, 2008
  • - gPlazma vs. GUMS: OK
    - gPlazma vs. SCAS: 90% OK
    - Prima / gLExec / SCAS Client vs. GUMS: OK
    - Prima / gLExec / SCAS Client vs. SCAS: OK
    - GT client vs. GUMS: OK
    - GT client vs. SCAS: Out-of-scope
  • Oct 2, 2008
  • - gPlazma vs. GUMS: OK
    - gPlazma vs. SCAS: 1/2 OK
    - Prima / gLExec / SCAS Client vs. GUMS: temporary NO
    - Prima / gLExec / SCAS Client vs. SCAS: OK
    - GT client vs. GUMS: OK
    - GT client vs. SCAS: IN-SCOPE ?
  • Sep 25, 2008
  • - gPlazma vs. GUMS: OK
    - gPlazma vs. SCAS: 1/2 OK
    - Prima / gLExec / SCAS Client vs. GUMS: 93% OK
    - Prima / gLExec / SCAS Client vs. SCAS: OK
    - GT client vs. GUMS: NO
    - GT client vs. SCAS: NO
  • Sep 18, 2008
  • - gPlazma vs. GUMS: OK
    - gPlazma vs. SCAS: 1/2 OK
    - Prima / gLExec / SCAS Client vs. GUMS: 90% OK
    - Prima / gLExec / SCAS Client vs. SCAS: OK
    - GT client vs. GUMS: NO
    - GT client vs. SCAS (Rachana/Oscar) : NO
  • Sep 11, 2008
  • - gPlazma vs. GUMS: 1/2 OK
    - gPlazma vs. SCAS: 1/2 OK
    - Prima / gLExec / SCAS Client vs. GUMS: NO
    - Prima / gLExec / SCAS Client vs. SCAS: OK
    - GT client vs. GUMS: NO
    - GT client vs. SCAS (Rachana/Oscar) : NO
  • Sep 04, 2008
  • - gPlazma vs. GUMS: 1/2 OK
    - gPlazma vs. SCAS: NO
    - Prima / gLExec / SCAS Client vs. GUMS: NO
    - Prima / gLExec / SCAS Client vs. SCAS: OK
    - GT client vs. GUMS: NO
    - GT client vs. SCAS (Rachana/Oscar) : NO
  • Aug 28, 2008
  • Status of development.
  • Aug 14, 2008
  • Status of development.
  • Aug 7, 2008
  • Status of development. Addressed problems in initial interoperability tests.
  • Jul 31, 2008
  • Status of development and interoperability tests.
  • Jul 24, 2008
  • Status of development. Starting interoperability tests.
  • Jul 17, 2008
  • Status on development progress. Plans on interoperability tests.
  • INFN management gave the go ahead for the VOMS PIP incubator project. Planning the work
  • Jul 10, 2008
  • Development should finish by end of Aug. Some tails of work foreseen. Details of the development status
  • Discussing involvement of INFN on VOMS PIP incubator project.
  • Jun 26, 2008
  • Each group is working on the development of XACML interfaces.
  • INFN management seeking more info for the joint GT / VOMS project to develop a VOMS PIP within GT.
  • Jun 19, 2008
  • Ted, Jay, and Rachana working on development of privilege.jar.
  • No resolution from INFN management yet on the joint GT / VOMS project to develop a VOMS PIP within GT.
  • Jun 12, 2008
  • Rachana and Jay exchange code and 3rd party dependencies.
  • INFN management needs more input to reach a resolution on the GT / VOMS join project on VOMS PIP.
  • Jun 05, 2008
  • Globus will need to translate XACML actions to GRAM into XACML actions for GUMS/SCAS.
  • Rachana is developing the Globus PDP and interacting with OpenSAML Java group.
  • May 29, 2008
  • gLExec integration in GRAM4 can be worked on in the next 6 months
  • Globus/VOMS joint Open Source project to develop an VOMS PIP in GT4 is of interest. Need INFN management approval.
  • Discussing development progress for GUMS, PRIMA, and SCAS.
  • May 8, 2008
  • Input on last draft of the Interoperability Profile document. Discussing Yuri's policy examples
  • Discussing VOMS PIP implementation and maintenance. We need to talk to INFN.
  • Apr 25, 2008
  • Ad hoc meeting with Globus, SAZ, gPlazma. Globus asks that VO Services/EGEE write the VOMS PIP. She will provide the PDP-callout
  • Enforcement of obligations in GRAM requires changes to the GRAM code. Need discussions with GRAM group.
  • Apr 24, 2008
  • Freezing the Interoperability Profile document on Mon 28
  • JavaDoc OpenSAML lib at http://www.opensaml.org/docs/opensaml/2.1.0/apidocs/
  • Apr 17, 2008
  • Jay is implementing a prototype of Java PDP. He has several questions on how to compose the XACML messages.
  • Oscar has successful mappings from the new SCAS infrastructure. He has put in place a test PDP available for our group to use at https://kvasir.nikhef.nl:8080
  • Apr 10, 2008
  • Interoperability Profile Document: agreed on how to address final comments. Added proxy validity sending start and end date of the first and last delegated proxy
  • Interoperability at the level of the transport layer with Web Services deployed in Tomcat can be implemented using the gLite TrustManager (like for GUMS)
  • Apr 3, 2008
  • As a transport layer we use TLS-secured web services (https) or sockets (ssh). XACML messages serialized by the OpenSAML library are wrapped around SOAP.
  • Coordinating the final changes to the interoperability documentto freeze v1.0.0.
  • Mar 27, 2008
  • MWSG 14 (Bologna, Italy). Discussions on freezing the Interoperability Profile Document.
  • Mar 20, 2008
  • Profile Document: VOMS-signing-subject in the request should allow for multiple attributes, since EGEE cares about proxies with multiple AC. The information on "pilot" attributes should be generalized to be "invoker".
  • Started integrating an XACML interface with GUMS
  • Mar 13, 2008
  • Testing C PEP to Java PDP interoperability. Some problems with namespaces. Need to verify latest version. Arranging for Java PEP to C PDP interoperability tests.
  • Policy examples for pilot job use cases. Need final profile document to finalize them.
  • Mar 06, 2008
  • Namespace for the authorization interoperability project is http://authz-interop.org identity.
  • Started testing Java / C interoperability. Hakon has sent the Java schema to Joe to see if C library is compliant with Java. The two are interoperable, except for problems with the namespace.
  • Feb 28, 2008
  • Attribute subject-id is not mandatory in the XACML nor SAML specs. We will use different attribute names to distinguish between X509 and condor identity.
  • We envisionfuture policies on pilot job use cases. For now, we'll create policies for our current use cases.
  • Feb 19, 2008
  • More input on the Interoperability profile document. Discussing namespaces.
  • It is possible to add the Condor authorization use case in the profile, adding the subject attribute CondorCanonicalName. Still need to clarify the XACML syntax (subject-id).
  • Feb 07, 2008
  • Discussing comments to the interoperability profile document. Of particular relevance: choice of namespaces; keeping mapping obligations distinct; keeping the concept of obligation dependency; XACML issuer as DN validator vs. X509 issuer as DN / private key binder.
  • Jan 31, 2008
  • First experiences using the C version of the OpenSAML library. Discussing initial Java / C wire interoperability issues.
  • Discussing our testing plans for the library, for the PEP/PDP implementations, for compliance with the interoperatbility profile.
  • Jan 23, 2008
  • Discussing interoperability profile: valid actions per resource. For SE, "access"; for CE, "execute-now" and "queue"; for WN, "execute-now".
  • An authorization request for a pilot job has pilot job subject info in the <environment>; an authz req. for a user job does not.
  • Jan 17, 2008
  • Discussing interoperability profile. <environment> is used to send PEP capabilities and pilot job information (same attributes as for <subject>).
  • <resource> are CE, SE, WN.
  • <action> are different for every resource; tentatively: for SE, access file; for CE, queue or execute (job-manager-fork); for WN, execute.
  • Dec 6, 2007
  • MWSG 13 (Berkeley, CA). Discussion on transitioning development team for the XACML library implementation from Globus to EGEE.
  • Technical discussion on the project, interoperability profile document, the GT XACML library implementation, GPBox, and gJAF
  • Nov 20, 2007
  • EGEE proposes to take over the development of the XACML/SAML profile library.
  • Discussing where to put pilot job identity information (<action> ?) and listing <resources>.
  • Nov 08, 2007
  • Discussing the elements of an XACML authorization request: <subject>, <action>, <resource>, <environment>.
  • Lists the attributes of the <subject> element.
  • Oct 30, 2007
  • Results of the tests of the GT library with gJAF
  • User attributes encoded in the XACML <subject> element: "primary_fqan" and "fqan"
  • Oct 23, 2007
  • Discussing how to encode the communication between PEP and PDP: (1) standardizing obligations; (2) encoding user attributes in the XACML <subject> element.
  • Oct 11, 2007
  • Discussion on how to achieve interoperability. The GT library is our reference implementation. We plan to achieve interoperability by agreeing on a common protocol and XACML profile.
  • Oct 2, 2007
  • MWSG discussion on the collaboration. Oscar Koeroo presents the EGEE point of view on the effort: "The SAML-XACML protocol in EGEE & OSG Authorization and resource enforcement tools"
  • Sep 2007
  • Back to the premises: why do we work with Globus for an XACML implementation instead of using OpenSAML ?
  • Globus is committed to fixing potential deviations from the specs and to implementing the required constants in the beta version.
  • The group is converging on the list of obligations that will be understood by our middleware (Username, UIDandGID, etc.).
  • Aug 17, 2007
  • Feedback to Globus on the alpha version of the library
  • Discussing XACML Profile and Interoperability
  • Aug 7, 2007
  • How to configure an XACML policy engine to make best usage of the Globus library.
  • Discussed what an obligation is for our group. An obligation is a set of attributes + an action.
  • Discussed how PEP communicates its capabilities to the PDP.
  • Jun 27, 2007
  • MWSG 12 (Stockholm, Sweden). Time constraints from EGEE and OSG for the release of an alpha/beta globus library. What features of the C library are essential to write client software.
  • Jun 2007
  • Globus will release the Alpha version of the library Aug 1
  • Clarification of requirements
  • What is an obligation in our context? (NOTE: the group has changed its mind on this on Aug 7, 2007)
  • May 2007
  • Goal of the meeting was to discuss the beta version of the authorization call-out library from Globus.
  • Clients should be able to declare what obligations they can support.
  • Options for the C version of the call-out library
  • XACML seams appropriate to implement session management.
  • Apr 2007
  • Discussed 4 EGEE requirements.
  • Discussed offline Yuri's authZ "ticket"
  • Mar 2007
  • Various topics for discussion at the MWSG 11
  • Feb 2007
  • Defining the collaboration
  • GT XACML Authz querying interface
  • CAS
  • Oct 2006
  • Exploratory meeting between Globus and OSG VO Services
  • Globus is investigating the use of XACML assertions for PEP/PDP communication
  • CAS seems to implement a model generic enough to be used as a VOMS or a GUMS server.
  • We need to define the OSG roadmap and priorities for Globus
  • Globus would be interested in talking about Auditing

  • Last update: Aug 14h 2008