[Wg-uma] e-science VO use case (Re: Proposed Use Case writing convention)

Diego R. Lopez diego.lopez at rediris.es
Tue Aug 25 16:19:28 PDT 2009


Hi,

Here is one for your consideration, based on some ideas I have to start services for supporting Virtual Organizations (VO, in the e-science sense, see
http://en.wikipedia.org/wiki/Virtual_Organization_%28Grid_computing%29).

#Use Case: User-mediated management of virtual organization membership

#Scenario Description: Membership in a VO is normally established by attribute authorities, which are usually contacted either by users to obtain appropriate credentials to be presented at resources, or by resources themselves requesting an assertion on the membership status and attributes by means of a given user identifier.
Current implementations of such attribute authorities are centrally managed by VO managers, who therefore control the exposure of user data to the different participating services.
In this scenario, VO managers would register pointers to personal attribute repositories, and users will control the access to their attributes (and therefore the services they want to use and they want to be known by) by means of those repositories.

#Actors: VO attribute authority, VO manager, VO services

#Issues: Different models can be applied to carry out the above scenario. In the simplest one, the VO attribute authority is trusted by users, so it collects user data during an enrollment phase and applies the policies expressed by users in their attribute stores. At the other extreme, VO attribute authorities forward requests to personal attribute stores and never cache any personal data. A mix of them, depending on the sensitivity of data (or on user paranoia), is foreseeable.
How trust links are established and enforced is out of scope.

#Requirements: Policy expressions must be coherent among VO attribute authority and personal stores.

Be goode,

--
"This time we will not fail, Doctor Infierno"

Dr Diego R. Lopez

Red.es - RedIRIS
The Spanish NREN

e-mail: diego.lopez at rediris.es
jid:        diego.lopez at rediris.es
Tel:    +34 955 056 621
Mobile: +34 669 898 094
-----------------------------------------
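
Added example (not part of the original message): a sketch of the mixed model from the Issues section, where one hypothetical attribute is cached under the trusted model and another is forwarded to the personal store, showing why the Requirements line asks for coherent policies. All class, attribute and service names are assumptions made for illustration.

```python
# Added illustration: all class, attribute and service names are hypothetical.
from dataclasses import dataclass, field

@dataclass
class PersonalStore:
    """User-controlled repository: attribute values plus a release policy."""
    attributes: dict
    policy: dict  # attribute name -> set of services allowed to read it
    def release(self, attr, service):
        allowed = service in self.policy.get(attr, set())
        return self.attributes.get(attr) if allowed else None  # default deny

@dataclass
class AttributeAuthority:
    """VO attribute authority holding pointers to personal stores."""
    forward_only: set  # sensitive attributes that are never cached
    stores: dict = field(default_factory=dict)
    cache: dict = field(default_factory=dict)  # user -> (values, policy)
    def enroll(self, user, store):
        self.stores[user] = store
        self.sync(user)

    def sync(self, user):
        """Snapshot cacheable values and the user's policy for them."""
        store = self.stores[user]
        names = set(store.attributes) - self.forward_only
        values = {n: store.attributes[n] for n in names}
        policy = {n: set(store.policy.get(n, ())) for n in names}
        self.cache[user] = (values, policy)

    def query(self, user, attr, service):
        if user not in self.stores:
            return None
        if attr in self.forward_only:  # forwarding model: ask the store live
            return self.stores[user].release(attr, service)
        values, policy = self.cache[user]  # trusted model: local decision
        return values.get(attr) if service in policy.get(attr, set()) else None

def demo():
    store = PersonalStore({"vo_role": "analyst", "email": "user@example.org"},
                          {"vo_role": {"compute"}, "email": {"compute"}})
    aa = AttributeAuthority(forward_only={"email"})
    aa.enroll("alice", store)
    ask = lambda: (aa.query("alice", "vo_role", "compute"),
                   aa.query("alice", "email", "compute"))
    before = ask()
    store.policy = {"vo_role": set(), "email": set()}  # user revokes "compute"
    stale = ask()  # cached attribute still released until the next sync
    aa.sync("alice")
    return before, stale, ask()
```

The middle result is the incoherent state: the forwarded attribute is withheld immediately after the user's revocation, while the cached one keeps being released until the authority re-synchronises its policy copy.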