<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 5 4 2 2 2 2 2 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.apple-style-span
{mso-style-name:apple-style-span;}
span.apple-converted-space
{mso-style-name:apple-converted-space;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page Section1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-GB link=blue vlink=purple style='word-wrap: break-word;
-webkit-nbsp-mode: space;-webkit-line-break: after-white-space'>
<div class=Section1>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Thanks Rachana. I’ve copied them on to the wiki page:<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><a
href="http://proj.badc.rl.ac.uk/go-essp/wiki/CMIP5/Meetings/telco100803#NotesandActions">http://proj.badc.rl.ac.uk/go-essp/wiki/CMIP5/Meetings/telco100803#NotesandActions</a><o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>I’ve made some additions from my notes and I’ve highlighted
actions. <o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>*Please all who were on the call check these actions*<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Cheers,<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Phil<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div style='border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm 4.0pt'>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'>
<p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:
"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;
font-family:"Tahoma","sans-serif"'> Rachana Ananthakrishnan
[mailto:ranantha@mcs.anl.gov] <br>
<b>Sent:</b> 03 August 2010 18:23<br>
<b>To:</b> Kershaw, Philip (STFC,RAL,SSTD)<br>
<b>Cc:</b> go-essp-tech@ucar.edu<br>
<b>Subject:</b> Re: [Go-essp-tech] Agenda for Security Telco Today<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Sharing my notes from the call.<o:p></o:p></p>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal>Rachana<o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
<div>
<p class=MsoNormal style='margin-bottom:12.0pt'>Gateway Release<br>
<br>
1. Federation-wide Trust Root Management<br>
A. Neill to send email to go-essp requesting for certiifcate<br>
B. Input from Eric on where in a Gateway install you should pick up MyProxy CA
and the OpenID trustroots<br>
C. All Gateway and Data node owners to send the trust roots<br>
D. Neill generates document with tar.gz and Java trust root<br>
<br>
2. Gateway Attribute Service<br>
A. Luca to respond on feasibility to assert a whitelist<br>
B. Nathan H to work on Gateway to attribute service call use certificate for
SSL handshake<br>
C. Eric: PCMDI deployment does not validate client and all connections should
be mutually authentication<br>
D. Eric: PCMDI deployment did not return any attribute results<br>
E. (?) PCMDI registration request was not unanswered. This needs to be changed
to be automated.<br>
F. (?) Registration currently is automatically approved, and if you know the
confirmation URI, the approval can be spoofed.<br>
<br>
3. Gateway SAML Authorization Service<br>
A. Luca has tested AuthZ service at NASA, which is latest code<br>
B. Data node filter updates need to be absorbed for deployment<br>
<br>
4. Gateway WGet Scripts<br>
A. Eric making progress on this, on target<br>
B. Phil to follow-up on the wget parameters needed<br>
C. Call to discuss the VeriSign keystore issue (Phil, Rachana, Gavin)<br>
<br>
Data Node Release<br>
<br>
1. Data Node Authentication/Authorization<br>
A. SAML one has low priority. Use cases where we need the user attributes via
the certificates, since the core attributes are pushed via OpenID, but not via
PKI.<br>
B. RP with email in cookie, not resolved for now<br>
C. Next release: code development is done, needs script integration and
installation (Stephen, Gavin & Luca)<br>
D. Luca/Gavin: to test token and token-less data node install on a machine with
a clean script install to test this. Gavin to setup the machine, and setup
access. Install federation wide trust information to allow anyone in federation
to test this.<br>
<br>
3. Configurable Data Node Service to enable/disable token generation<br>
A. Gavin: generate CSR on data node install, and has documentation on this.
PCMDI as the specific contact for now.<br>
B. Rachana to work with Gavin on the document outlining on how the admin can
get the host certificate.<br>
<br>
* GridFTP on lack of chroot turnkey solution is a blocker for next data node
release.<br>
* Attribute and authorization services need to be able to do mutual
authentication and whitelist users. Blocker for next release.<o:p></o:p></p>
<div>
<div>
<p class=MsoNormal>On Aug 3, 2010, at 7:56 AM, <<a
href="mailto:philip.kershaw@stfc.ac.uk">philip.kershaw@stfc.ac.uk</a>> <<a
href="mailto:philip.kershaw@stfc.ac.uk">philip.kershaw@stfc.ac.uk</a>>
wrote:<o:p></o:p></p>
</div>
<p class=MsoNormal><br>
<br>
<o:p></o:p></p>
<div>
<div>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:black'>Hi all,<o:p></o:p></span></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:black'> <o:p></o:p></span></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:black'>I’ve compiled an agenda with Rachana for the call today:<o:p></o:p></span></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:black'> <o:p></o:p></span></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:black'><a
href="http://proj.badc.rl.ac.uk/go-essp/wiki/CMIP5/Meetings/telco100803">http://proj.badc.rl.ac.uk/go-essp/wiki/CMIP5/Meetings/telco100803</a><o:p></o:p></span></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:black'> <o:p></o:p></span></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:black'>There is a lot to get through, probably more than we have time for
but it’s in rough order of priority so we can see how far we get.<o:p></o:p></span></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:black'> <o:p></o:p></span></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:black'>Cheers,<o:p></o:p></span></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:black'>Phil<o:p></o:p></span></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:black'> <o:p></o:p></span></p>
</div>
<p class=MsoNormal><span style='font-size:13.5pt;font-family:"Helvetica","sans-serif";
color:black'><o:p> </o:p></span></p>
<p><span style='font-size:13.5pt;font-family:"Helvetica","sans-serif";
color:black'>--<span class=apple-converted-space> </span><br>
Scanned by iCritical.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:13.5pt;font-family:"Helvetica","sans-serif";
color:black'><br>
_______________________________________________<br>
GO-ESSP-TECH mailing list<br>
<a href="mailto:GO-ESSP-TECH@ucar.edu">GO-ESSP-TECH@ucar.edu</a><br>
<a href="http://mailman.ucar.edu/mailman/listinfo/go-essp-tech">http://mailman.ucar.edu/mailman/listinfo/go-essp-tech</a><o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<div>
<div>
<div>
<div>
<div>
<div>
<p class=MsoNormal><span style='font-size:13.5pt;font-family:"Helvetica","sans-serif";
color:black'>Rachana Ananthakrishnan<o:p></o:p></span></p>
</div>
<div>
<p class=MsoNormal><span style='font-size:13.5pt;font-family:"Helvetica","sans-serif";
color:black'>Argonne National Lab | University of Chicago<o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
</div>
</div>
<br><p>--
<BR>Scanned by iCritical.
</p>
<br></body>
</html>