Comment: Add link to EGI AAI doc on expressing VO/group membership & roles

...

Time | Item | Who | Notes
15min | DJRA1.4A Recommendations on expressing Group membership

Davide Vaghetti

Nicolas Liampotis

10min | DJRA1.4B Guidelines on attribute aggregation | Davide Vaghetti
  • Proposed content:
    • IdP based vs SP based (PUSH vs PULL)

    • use cases

    • requirements

20min | DJRA1.4C Guidelines on Token Translation Services | Davide Vaghetti
  • Proposed content:
    • TTS as a gateway: i.e. a Proxy at the Federation level (CILogon model)

    • TTS at the end service, (almost) seamless for the user, and certainly seamless for the Federation

  • Mischa Salle points out that CILogon is actually not a gateway, since it does not join two different administrative entities. It is more of a technological bridge. So maybe it is clearer if we split the possible uses of TTS into more use cases.
10min | DJRA1.4D Recommendations for credential delegation | Davide Vaghetti
  • Delegation = "act on behalf of the user"
  • Proposed content:
    • OAuth2
  • Mischa Salle proposes ECP for the SAML world
10min | DJRA1.4E Best practices for managing authorization | Davide Vaghetti

We all agree that "Groups vs Entitlements" in the end is not such an issue.

Nicolas Liampotis proposes the following main topics:

  • distributed authorization
  • delegation of management of authorization attributes in a VO
20min | DJRA1.4F Guidelines on non web access | Davide Vaghetti

Proposed content:

  • Concentrate on some, or maybe ONE, specific use case: SSH seems to be the most relevant one (see also FeduShare project: https://sites.google.com/site/fedushare/)
  • Marcus Hardt proposes to widen the scope of the "non web access" deliverable to include REST API use cases
  • We all agree that REST API is an important matter; we will see if it fits in DJRA1.4F, or if it is better to split the deliverable into two parts
  • Michal Jankowski and others point out that in non web access use cases where there is provisioning of local accounts, (federated) de-provisioning should be taken into account

...