Organizational Correspondence from David Walker

From:     David Walker <DHWalker@ucdavis.edu>
To:     Prakashan Korambath <ppk@ats.ucla.edu>, Bill Labate <labate@ats.ucla.edu>
Cc:     Kathleen M Beyer <kmbeyer@ucdavis.edu>, David H Walker <dhwalker@ucdavis.edu>, Albert Wu <albertwu@ucla.edu>, Arlene Allen <arlene.allen@isc.ucsb.edu>
Subject:     UC-wide authentication for UC Grid
Date:     Fri, 6 Feb 2009 16:03:15 -0800

Bill
Prakashan

As I mentioned during the UCGrid call earlier this week, there is a meeting of the IT Architecture Group at UCLA on 2/19, so I'm hoping we could get together on 2/18 to talk about getting UC Grid integrated into UCTrust.  Would you (and whomever else you think is appropriate) have a couple of hours that afternoon?  I've also spoken with Albert Wu and Arlene Allen of UCSB; they participate in UCTrust and are interested in attending.

Here's a proposed set of discussion topics:

  • The current (non-UCTrust) authentication architecture for UC Grid.  Anything you can tell the rest of us to read before the meeting would be appreciated.  Also, Arlene mentioned that she has heard some concerns about the current architecture from Rich Wolski.  Arlene, can you summarize those concerns for the group?
  • What we would need to change in that architecture for UCTrust integration.
  • What we would like to change in that architecture while we integrate into UCTrust (or after integration).

Speak up if the afternoon is not good or you think we need more time.  Arlene and I will both be traveling from our respective locations on 2/18 for the ITAG meeting on 2/19, so I could be available any time during the day, although I'd appreciate not starting too early.  I suspect Arlene has similar scheduling availability and preferences (but I should let her speak for herself).

David


From:     David Walker <DHWalker@ucdavis.edu>
To:     Korambath, Prakashan <ppk@ats.ucla.edu>
Cc:     Labate, Bill <labate@ats.ucla.edu>, Jin, Kejian <kjin@ats.ucla.edu>, Kathleen M Beyer <kmbeyer@ucdavis.edu>, Wu, Albert <albertwu@ucla.edu>, Arlene Allen <arlene.allen@isc.ucsb.edu>
Subject:     RE: UC-wide authentication for UC Grid
Date:     Mon, 09 Feb 2009 13:17:23 -0800

Everyone,

Prakashan and I just talked.  We'll be meeting 1:00-3:00 on 2/18 at a location in ATS that Prakashan will announce.

In preparation for our discussion...

  • Prakashan and Kejian, please send the rest of us any reading assignments you think will help the rest of us understand UC Grid's needs.
  • Arlene, please summarize Rich Wolski's concerns.
  • To get the discussion rolling, I'll draft my views (suitable for shredding) on how the UCTrust / UC Grid integration might work.

And now for my action item...

  • It's my understanding that the Globus Toolkit uses digital certificates to identify users.
  • It's also my understanding that UC Grid currently associates a username (and password) with those certificates.  The username/password pair, not the certificate, is used to access the UC Grid Portal.
  • At a minimum, UCTrust could simply replace the username with an identifier in a SAML assertion.  Everything "downstream" would be the same.

There are, of course, a number of possible enhancements, probably none of which are short-term:

  • Have the certificate be part of the SAML assertion, implying that the certificates are managed by the campus identity management people.
  • Have UC Grid use SAML assertions internally, instead of certificates.
  • and on and on...

See you all next week!

David Walker
Campus IT Architect
Information and Educational Technology, Office of the Vice Provost
University of California, Davis
One Shields Avenue
Davis, CA 95616
(530) 752-9390
DHWalker@ucdavis.edu
