[Wg-uma] e-science VO use case (Re: Proposed Use Case writing convention)

Eve Maler eve at xmlgrrl.com
Wed Aug 26 14:45:43 PDT 2009

Hi Diego-- Thanks for submitting this.  (Sorry we'll miss you  
tomorrow!)  I have some questions for you:

Though I'm not intimately familiar with the VO concept (and certainly  
not in the grid context), I've had some conversations with folks in  
the last few months that have touched on it, and it seems somewhat  
related to scenarios of these sorts:

- Small businesses on the web, e.g. permissioning your bookkeeper to  
get into your Quicken or TurboTax account to do a limited set of  
functions (we might have to defer this due to a real human being  
sitting in the "Consumer's" seat??)

- Multi-tenancy hosted (cloud-based) app development, in which you  
want to permission *apps* acting on your behalf to access *other apps*  
(or datasets) hosted elsewhere -- very OAuth-ish, only the developer  
would want to have a central control point for access rules

Is either of these getting close to the specific situations you're  
thinking of?  Can we flesh out the scenario with more data of this sort?


On 25 Aug 2009, at 4:19 PM, Diego R. Lopez wrote:

> Hi,
> Here is one for your consideration, based on some ideas I have  
> to start services for supporting Virtual
> Organizations (VO, in the e-science sense, see
> http://en.wikipedia.org/wiki/Virtual_Organization_%28Grid_computing%29)
> #Use Case: User-mediated management of virtual organization membership
> #Scenario Description: Membership in a VO is normally established by  
> attribute authorities,
> that are usually contacted either by users to obtain appropriate  
> credentials to be presented at resources,
> or by resources themselves requesting an assertion on the membership  
> status and attributes by means of a given
> user identifier.
> Current implementations of such attribute authorities are centrally  
> managed by VO managers, who therefore
> control the exposure of user data to the different participating  
> services.
> In this scenario, VO managers would register pointers to personal  
> attribute repositories, and users will
> control the access to their attributes (and therefore the services  
> they want to use and they want to be
> known by) by means of those repositories.
> #Actors: VO attribute authority, VO manager, VO services
> #Issues: Different models can be applied to carry out the above  
> scenario. In the simplest one, the VO attribute
> authority is trusted by users, so it collects user data during an  
> enrollment phase and applies the policies
> expressed by users in their attribute stores. In the other extreme,  
> VO attribute authorities forward requests
> to personal attribute stores and never cache any personal data. A  
> mix of them, depending on the sensitivity
> of data (or on user paranoia) is foreseeable.
> How trust links are established and enforced is out of scope.
> #Requirements: Policy expressions must be coherent among VO  
> attribute authority and personal stores.
> Be goode,
> --
> "This time we won't fail, Doctor Infierno"
> Dr Diego R. Lopez
> Red.es - RedIRIS
> The Spanish NREN
> e-mail: diego.lopez at rediris.es
> jid:        diego.lopez at rediris.es
> Tel:    +34 955 056 621
> Mobile: +34 669 898 094
> -----------------------------------------
> _______________________________________________
> Wg-uma mailing list
> Wg-uma at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/wg-uma_kantarainitiative.org

Eve Maler
eve at xmlgrrl.com
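To make the two models in the quoted use case concrete, the following is an added toy model (not code from this thread, from UMA, or from any real VO attribute authority; every class, user identifier, attribute and service name is constructed for illustration). A personal attribute store holds the user's attributes and release policy; the VO manager registers a pointer to it with the attribute authority; at enrollment the AA copies only the attributes the user marked cacheable (the "trusted AA" end of the spectrum), and forwards requests for everything else to the personal store (the "never cache" end). The `incoherent_attributes` check is one way to test the stated requirement that policy expressions stay coherent between the AA and the personal store.

```python
# Added illustration of the VO attribute-authority models in the quoted use case
# (not from the thread or any real VO software; all names and data are constructed).
from dataclasses import dataclass, field

# A policy maps an attribute name to the set of service identifiers allowed to
# receive it. Using one structure in both the personal store and the attribute
# authority is what makes "policy coherence" something we can check.
Policy = dict[str, set[str]]


@dataclass
class PersonalAttributeStore:
    """User-controlled repository: holds attributes and the user's release policy."""
    attributes: dict[str, str]
    policy: Policy
    cacheable: set[str]                 # attributes the user allows the AA to copy
    audit: list[tuple[str, str]] = field(default_factory=list)

    def release(self, service: str, names: list[str]) -> dict[str, str]:
        """Forwarding model: return only what the policy permits for this service."""
        out = {}
        for name in names:
            if name in self.attributes and service in self.policy.get(name, set()):
                out[name] = self.attributes[name]
                self.audit.append((service, name))   # user sees every forwarded release
        return out

    def enrollment_export(self) -> tuple[dict[str, str], Policy]:
        """Trusted-AA model: hand over the cacheable subset together with its policy."""
        attrs = {n: self.attributes[n] for n in self.cacheable if n in self.attributes}
        policy = {n: set(self.policy.get(n, set())) for n in attrs}
        return attrs, policy


@dataclass
class VOAttributeAuthority:
    """Mixed model: caches what the user allowed, forwards everything else."""
    pointers: dict[str, PersonalAttributeStore] = field(default_factory=dict)
    cache: dict[str, tuple[dict[str, str], Policy]] = field(default_factory=dict)

    def register(self, user_id: str, store: PersonalAttributeStore) -> None:
        """VO manager registers a pointer to the personal store; enrollment fills the cache."""
        self.pointers[user_id] = store
        self.cache[user_id] = store.enrollment_export()

    def assert_attributes(self, user_id: str, service: str, names: list[str]) -> dict[str, str]:
        """Answer a VO service's attribute query for a given user identifier."""
        cached_attrs, cached_policy = self.cache[user_id]
        result, forward = {}, []
        for name in names:
            if name in cached_attrs:
                if service in cached_policy.get(name, set()):
                    result[name] = cached_attrs[name]
            else:
                forward.append(name)   # never cached here: ask the personal store
        if forward:
            result.update(self.pointers[user_id].release(service, forward))
        return result

    def incoherent_attributes(self, user_id: str) -> set[str]:
        """Cached policy entries that no longer match the personal store."""
        _, cached_policy = self.cache[user_id]
        live = self.pointers[user_id].policy
        return {n for n, allowed in cached_policy.items() if allowed != live.get(n, set())}


def build_demo() -> tuple[VOAttributeAuthority, PersonalAttributeStore]:
    """Constructed sample data: one user, two VO services."""
    store = PersonalAttributeStore(
        attributes={"vo_role": "member", "institution": "RedIRIS",
                    "home_email": "user@example.org"},
        policy={"vo_role": {"compute-portal", "storage-gw"},
                "institution": {"compute-portal"},
                "home_email": {"storage-gw"}},
        cacheable={"vo_role", "institution"},   # home_email is too sensitive to cache
    )
    aa = VOAttributeAuthority()
    aa.register("user-42", store)
    return aa, store


if __name__ == "__main__":
    aa, store = build_demo()
    query = ["vo_role", "institution", "home_email"]
    print(aa.assert_attributes("user-42", "compute-portal", query))
    print(aa.assert_attributes("user-42", "storage-gw", query))
    store.policy["institution"] = set()          # user revokes at the personal store
    print("stale cache entries:", aa.incoherent_attributes("user-42"))
```

The revocation at the end is the caveat a practitioner would want to see: once an attribute is cached at the AA, a policy change made only at the personal store is not honoured until the AA re-synchronises, so the cached copy keeps releasing `institution` to `compute-portal`. That is exactly the gap the "coherent policy expressions" requirement has to close, and it is why the forwarding model is the safer default for anything the user considers sensitive.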
