draft-ggf-ogsa-sec-roadmap-01.doc

It should be noted that in addition to emerging WS-Policy specifications there is an effort in the larger OGSA community on general policy management. Work on authorization policy management should build on this effort as much as possible and strive to provide feedback on any missing requirements. This Section describes proposed authorization policy management specifications.

4.6.1. Coarse-grained Authorization Policy Management Specification

This specification defines mechanisms for managing coarse-grain authorization policy (e.g., access control lists: ACLs) imposed by an OGSA service on a requestor. This specification should also address management of policy regarding trust roots: e.g., whom should a service trust to assign identities.

4.6.2. Fine-grained Authorization Policy Management Specifications

A set of further specifications may be defined to support the management of more sophisticated and fine-grained policies. Some possible examples include the following.

  • Authorization policy based on required attributes in addition to, or instead of, identities and policy regarding trust roots for attributes.

  • Policy regarding the circumstances under which delegation is acceptable.

  • Policy based on fine-grained details of an action as described in Section 4.1.2.

4.7. Trust Policy Management

All entities in an OGSA environment will make policy decisions based on the trust they have in the claims and assertions presented by others. In some cases, this trust is implicit, as in the case of claims and assertions made by the entity itself. In other cases, trusting entities may be configured to trust other anchored entities, as a means of achieving closure. In most cases, however, trust in a statement made by an entity has to be derived through assertions about that entity by others, and this chain has to end with the entity itself or a trust-anchored entity.
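The three cases in Section 4.7 (implicit, anchored, derived) can be modelled as a search over "issuer vouches for subject" assertions. The following is an added example, not part of the roadmap or of any OGSA or WS-Trust specification; the function name, entity names and assertion set are constructed, and it assumes every assertion has already been authenticated.

```python
from collections import deque


def trust_basis(verifier, claimant, anchors, assertions):
    """Classify why `verifier` may trust a statement made by `claimant`.

    anchors    -- entities the verifier is configured to trust
    assertions -- (issuer, subject) pairs: issuer vouches for subject
    Returns (basis, chain): basis is "implicit", "anchored", "derived"
    or "untrusted"; chain runs from the claimant to where trust ends.
    """
    if claimant == verifier:            # the entity's own claims
        return "implicit", [verifier]
    if claimant in anchors:             # configured trust, no chain needed
        return "anchored", [claimant]

    vouched_by = {}                     # subject -> set of issuers
    for issuer, subject in assertions:
        vouched_by.setdefault(subject, set()).add(issuer)

    # Breadth-first walk from the claimant towards its issuers. The chain
    # is accepted only if it ends at the verifier itself or at an anchor.
    queue, seen = deque([[claimant]]), {claimant}
    while queue:
        chain = queue.popleft()
        for issuer in sorted(vouched_by.get(chain[-1], ())):
            if issuer == verifier or issuer in anchors:
                return "derived", chain + [issuer]
            if issuer not in seen:      # guards against assertion cycles
                seen.add(issuer)
                queue.append(chain + [issuer])
    return "untrusted", []


# Constructed sample data: one site service, one anchor, one virtual
# organization admin, and two entities that only vouch for each other.
VERIFIER = "svc.siteA"
ANCHORS = {"ca.siteA"}
ASSERTIONS = {
    ("ca.siteA", "vo-admin"),
    ("vo-admin", "alice"),
    ("mallory", "bob"),
    ("bob", "mallory"),
}

if __name__ == "__main__":
    for who in ("svc.siteA", "ca.siteA", "alice", "mallory"):
        print(who, trust_basis(VERIFIER, who, ANCHORS, ASSERTIONS))
```

The `mallory`/`bob` pair shows why the chain must terminate at an anchor: mutual assertions alone never establish trust.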
GWD-I (draft-ggf-ogsa-sec-roadmap-01) Revised 6/14/2018

The need to trust one entity to make a statement about another introduces policy decisions. These are essentially authorization assertions, and the policy that governs this decision has to be defined and managed.

The WS Security Architecture has an emerging WS-Trust [WS-TRUST] module that addresses trust management issues. The distributed and dynamic nature of the Grid environment, and its frequent crossing of administrative boundaries through ad-hoc created virtual organizations, will put high demands on this WS-Trust specification.

4.7.1. OGSA Trust Service Specification

This specification defines an OGSA service that will use the WS-Trust specification to manage and publish trust policies.

4.8. Privacy Policy Management

Requestors that seek to maintain anonymity or to withhold private information will want to inspect a service provider’s stated privacy policy and its adherence to that policy. On the other end, service providers may need the ability to adapt their data collection level based on the stated privacy level of the requester. Here we can refer to the general practices and rules defined by the P3P effort [P3P].