Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

TimeItemWhoNotes
15minDJRA1.4A Recommendations on expressing Group membership

Davide Vaghetti

Nicolas Liampotis

10minDJRA1.4B Guidelines on attribute aggregationDavide Vaghetti
  • Proposed content:
    • IdP based vs SP based (PUSH vs PULL)

    • Scalable attribute aggregation in the presence of multiple attribute authorities

    • use cases

    • requirements

20minDJRA1.4C Guidelines on Token Translation ServicesDavide Vaghetti
  • Proposed content:
    • TTS as a gateway: i.e. a Proxy a the Federation level (CILogon model)

    • TTS at the end service, (almost) seamless for the user, and certainly seamless for the Federation

  • Mischa Salle points out that actually CILogon is not a gateway, since it does not join two different administrative entities. It is more a technological bridge. So maybe it is more clear if we split the possibile possible use of TTS in more use cases.
10minDJRA1.4D Recommendations for credential authorisation delegationDavide Vaghetti
  • Delegation = "act on behalf of the user"
  • Proposed content:
    • OAuth2
  • Mischa Salle propose ECP for the SAML world
10minDJRA1.4E Best practices for managing authorizationauthorisationDavide Vaghetti

We all agree that "Groups vs Entitlements" in the end is not such an issue.

Nicolas Liampotis proposes the following main topics:

  • distributed authorizationauthorisation
  • delegation of authorizationof management of authorisation attributes in a VO
20minDJRA1.4F Guidelines on non web accessDavide Vaghetti

Proposed content:

  • Concentrate on some, or maybe ONE, specific use case: SSH seems to be the most relevant one (see also FeduShare project: https://sites.google.com/site/fedushare/)
  • Mischa Salle Marcus Hardt proposes to wider the scope of the "non web access" deliverable to comprehend REST API use cases
  • We all agree that REST API is an important matter, we will see if it does fit in DJRA1.4F, or if it is better to split the deliverables in two parts;
  • Michal Jankowski and others point out that in non web access use cases where there is provisioning of local accounts, (federetedfederated) de-provisioning should be taken into account;

...