AA Planning Call-13-Feb-2007
From GEANT2-JRA1 Wiki
Dial In Info
This call will take place via Skype. The participants in the list below will be called on Skype conferencing. If you are interested in joining the call, please inform Loukik, Maurizio, Jeff or Candido.
Time: 1500 hrs UTC
Participant List
Loukik, Maurizio, Candido, Jeff
Agenda
- Actions from the previous phone call
  - Candido to email his experiences with making use of tomcat libraries to read X.509 certificates (sample implementations if available)
  - Candido to send an example of a SAML assertion
  - Loukik to describe his idea of phases (i.e., phased prototyping approach)
  - Candido to email some class diagrams for all the classes that he has designed/planning to implement
- Discussion on using soap headers for assertions
Minutes
- Actions from the previous phone call
  - Candido to email his experiences with making use of tomcat libraries to read X.509 certificates (sample implementations if available) - WON'T HAPPEN; see the discussion on use of tomcat libraries below for more info.
  - Candido to send an example of a SAML assertion - DONE
  - Loukik to describe his idea of phases (i.e., phased prototyping approach) - ONGOING
  - Candido to email some class diagrams for all the classes that he has designed/planning to implement - ONGOING
- Discussion on TLS, X.509 Certificates and use of tomcat libraries
  - Candido mentioned that if we follow WS-Security profiles, we won't need to use TLS as the profiles define how X.509 certificates and SAML assertions should be used in Web Services (i.e., they define the structure of the SOAP message to be used for such messages). This raised the question of whether we need to implement TLS at all.
  - We identified that for simple clients, supporting TLS might make it easier to write a client program. On the other hand, supporting both TLS and WS-Security would mean some degree of complexity on the server side as the server will need to check which option is being used by the client.
  - Maurizio mentioned that in the specifications document, TLS has been widely used and sometimes illustrated as being the only option. Jeff mentioned that TLS was chosen to avoid 'man-in-the-middle' attacks.
  - ACTION: Maurizio to talk to Diego and others about TLS in the specs document and the difference between the document specification and what we are thinking of implementing using WS-Security profiles.
- Discussion on using SOAP Headers
  - The WS-Security profile outlines how the SOAP message and SOAP headers should be used for carrying SAML assertions and X.509 certificates. So, it looks like we will end up reading and modifying SOAP headers.
  - Loukik provided a link illustrating how SOAP headers could be modified with the help of axis. However, before going any further with the actual implementation, everyone agrees that it is important to find out what the profiles actually outline. Only after understanding that will we be able to understand how to implement all this.
  - ACTION: All to read the WS-Auth profiles for SAML assertion and X.509 certificate. Links have been provided by Candido and are available in the reference section.
- AOB
  - Timelines - Maurizio mentioned that by end of May we are expected to have implemented AuthN in at least one service (maybe RRD or maybe SQL MA).
  - Jeff mentioned that since Grids are our main customers, it's better to understand the direction in which they are headed.
  - ACTION: Jeff to investigate details on technology and techniques used by the Grid community
- Next call: 27th of February (Tuesday): 1500 hrs UTC
References
- WS-S profile links of interest
  - http://en.wikipedia.org/wiki/Web_Services_Security
  - http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss
  - http://www.oasis-open.org/committees/download.php/16785/wss-v1.1-spec-os-x509TokenProfile.pdf
  - http://www.oasis-open.org/committees/download.php/16768/wss-v1.1-spec-os-SAMLTokenProfile.pdf
- Reading and modifying soap headers using axis
- WS-S in perl
