shibboleth-dev - Globus/ESG use case for non-browser app
Subject: Shibboleth Developers
List archive
- From: "Von Welch" <>
- To:
- Cc:
- Subject: Globus/ESG use case for non-browser app
- Date: Mon, 22 Sep 2003 14:10:10 -0500
Sorry for the lateness, got tied up this morning. This is a particular
use case that I think speaks well for a number of Grid communities.
Von
----
The Earth System Grid (ESG) has/will produce a large numbers of
datasets that has been generated from analysis of climate data. These
datasets go through a lifecycle in terms of confidentiality
requirements - they initially start off being restricted to a few key
researchers and then become available to a larger and larger community
until they finally become public (e.g., after results are published).
At phases in this confidentiallity lifecycle, it is desirable to grant
access based on attributes of the requestor. For example, access to a
dataset would be granted to any climatologist at a set of universities
(possibly any). In some cases authentication is not required, in
others it is for audit purposes (though it may not need to be that
strong of an authentication).
This is a large community to manage in authorization policy as
individuals as well as in terms of identity and authentication
credentials, so ESG would preferr to leverage off of existing
mechanisms for authentication and attributes instead of assigning PKI
credentials and managing ACLs. If we could find a way to allow these
folks to assertion an attribute (and possibly identity) from their
home institution, this would be a win for these folks in that it would
allow them to not set up A&A infrastructure.
Ideally this would be done by granting these folks an set of identity
credentials that allow for asserting that identity (e.g., X5.09 cert
and private key) and then binding attribute assertions to that
identity. Though it is possible that a short-lived bearer attribute
credential could also be acceptable.
------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at
http://archives.internet2.edu/
------------------------------------------------------mace-shib-design--
- SHIB design call, monday (9/22), 3:00 pm edt, noon pdt, Steven_Carmody, 09/19/2003
- Non-web scenarios, Diego R. Lopez, 09/21/2003
- Globus/ESG use case for non-browser app, Von Welch, 09/22/2003
Archive powered by MHonArc 2.6.16.