draft-ggf-ogsa-sec-roadmap-01.doc

to which the attribute is being bound. Because of this, a standard means for naming entities is seen as a priority. This specification defines how the identity (i.e., name) for an OGSA entity should be formed based on the entity's identity as established within its security realm. This specification should consider the following issues:

  • Cross-realm uniqueness: A unique name from one realm is not necessarily guaranteed to be unique across all realms. The name will need appropriate canonicalization to make sure it is unique.
  • Anonymity: There will be scenarios where anonymous usage is allowable and even desirable. The naming scheme should enable this.
  • Identity Mapping: Policy may dictate that an entity is known by multiple names (e.g., it may have both a Kerberos principal name and a PKI subject name). This specification should be careful not to hinder policies and services that express and perform these mappings.

4.1.2. OGSA Target/Action Naming Specification

Many authorization policies will also require a name for the action being invoked. This specification defines how an action (i.e., a request from a requestor to a service provider) is described. For coarse-grained policy evaluation, this description may be nothing more than the name of the portType on the named service. For finer-grained policy evaluation, this description may need to include a representation of the arguments being used to invoke the action. This specification should describe a name format for describing actions in a standard manner to allow for pluggable policy evaluation modules. (Current work to identify serviceDataDescriptions in the larger OGSA community may resolve portions of this requirement.)

4.1.3. OGSA Attribute and Group Naming Specification

In order to allow attributes and groups defined in one realm to be used in other realms, a standard method of expressing these attribute and group names is required. This will allow writers and evaluators of a policy to have a consistent approach for naming attributes and groups and ensure that the intended attribute or group is used by both parties. This specification should describe an appropriate canonicalized naming method for group and attribute names.
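The three entity-naming issues listed above (cross-realm uniqueness, anonymity, identity mapping) can be seen together in a short sketch. This is an added example, not part of the draft: the `scheme:realm:local` format, the reserved name `anonymous`, the rule that anonymous names are never mapped, and all function, class and realm names are assumptions made for illustration.

```python
import unicodedata

ANONYMOUS = "anonymous"  # assumed reserved local name for anonymous use


def canonical_name(scheme, realm, local=ANONYMOUS):
    """Return 'scheme:realm:local' (hypothetical format, not from the draft)."""
    scheme = scheme.strip().lower()
    # Realm names are compared case-insensitively here (an assumption).
    realm = unicodedata.normalize("NFKC", realm).strip().lower()
    # The local part keeps its case: a realm may treat names case-sensitively.
    local = unicodedata.normalize("NFKC", local).strip()
    if not (scheme and realm and local):
        raise ValueError("scheme, realm and local name are all required")
    if ":" in scheme or ":" in realm:
        raise ValueError("':' is the field separator and may not appear here")
    return f"{scheme}:{realm}:{local}"


class IdentityMap:
    """Records policy-defined equivalences between canonical names."""

    def __init__(self):
        self._parent = {}

    def _root(self, name):
        # Follow parent links to the representative name of the entity.
        self._parent.setdefault(name, name)
        while self._parent[name] != name:
            name = self._parent[name]
        return name

    def link(self, a, b):
        # Assumed rule: an anonymous name is never tied to a real identity.
        if ANONYMOUS in (a.split(":", 2)[2], b.split(":", 2)[2]):
            raise ValueError("anonymous names must not be mapped")
        self._parent[self._root(b)] = self._root(a)

    def same_entity(self, a, b):
        return self._root(a) == self._root(b)


# Constructed sample names: the local name 'alice' exists in two realms.
krb_a = canonical_name("krb5", "PHYSICS.EXAMPLE.ORG", "alice")
krb_b = canonical_name("krb5", "CHEM.EXAMPLE.ORG", "alice")
pki_a = canonical_name("x509", "ca.example.org", "CN=Alice,O=Physics")

idmap = IdentityMap()
idmap.link(krb_a, pki_a)  # policy: both names denote one entity
```

Because the realm is part of the name, a policy written for `alice` in one realm cannot be satisfied by the `alice` of another realm, while the mapping still lets the Kerberos and PKI names of one entity be treated as equivalent.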
GWD-I ( draft-ggf-ogsa-sec-roadmap-01 ) Revised 6/14/2018

4.1.4. Transient Service Identity Acquisition Specification

This specification defines a method that a transient service instance can use to obtain a unique identity. It is possible that this specification will entail the description of one or more OGSA services. This specification might consider the following approaches:

  • Factory/Hosting environment granted: The service factory or hosting environment acts as a naming authority for instances it creates. This approach essentially amounts to the factory or hosting environment defining a namespace.