Workflow

[Tony Linde]

All this comes under the general security heading. We need to be able to
identify users and groups of users: their identity, attributes, composition
etc. We then need to allow the addition of access rights to resources which
permit levels of access to resources for different groups. We need standards
for how these users and groups are identified, authenticated and authorised
and how security information is passed between resources.

And, yes, all this is more critical than workflow standards. Perhaps we'd be
better off organising a security BOF at Kyoto leading to a security
workgroup rather than the workflow one.

Cheers,
Tony. 

> -----Original Message-----
> From: Anita Richards [mailto:amsr at jb.man.ac.uk] 
> Sent: 20 January 2005 09:05
> To: Elizabeth Auden
> Cc: KevinBenson; Tony Linde; Interop IVOA
> Subject: RE: Workflow
> 
> 
> ... or Registry?
> 
> This is a more general point on authinetication.  THere are 
> (at least) two main categories
> 
> 1) Data are restricted by date.  Typically, a data set will 
> be restricted to a specific list of named individuals for 1 
> yr, then open to all.  This seems to me to be a relatively 
> easy case, as long as the data ptovider specifies the correct 
> date and list of people.  Howver we would need a few standard 
> elements for these terms
> 
> 2) Data which are available only to people working in certain 
> countries or institutes or even of certain nationalities 
> (with or without a cut-off date).  This seems a far more 
> complicated case and maybe should be left on one side unless 
> that is the specific situation which Elizabeth's science case 
> produces.
> 
> As a further complication, data might be in a catalogue (e.g. 
> an observing
> log) which is parly public and partly restricted.  Do we need 
> to ask data providers to produce separate 
> catalogues/archives? To conform to a standard code for 
> identifying public and private parts?
> 
> In the radio archive context, we will have to tackle some of 
> these issues in the next year or so and I thnk that some 
> standards are needed.  However to me it seems more a Registry 
> problem than a workflow problem, except that there would need 
> to be some way of passing the identity of the user to a data 
> provider, to decide whether to respond to a query.
> 
> cheers
> a
> 
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
> - Dr. Anita M. S. Richards, AstroGrid Astronomer MERLIN/VLBI 
> National Facility, University of Manchester, Jodrell Bank 
> Observatory, Macclesfield, Cheshire SK11 9DL, U.K.
> tel +44 (0)1477 572683 (direct); 571321 (switchboard); 571618 (fax).
> 
> 
> On Wed, 19 Jan 2005, Elizabeth Auden wrote:
> 
> > > I think it is more important at this stage to concentrate 
> on a few 
> > > more issues such as:
> > > Authentication
> > > Community
> > > Possibly Authorisation as well.
> >
> > There is a possible science case that would require 
> authentication / 
> > authorization for propietary datasets. Silvia Dalla and I talked to 
> > some of the STP guys at RAL today, and Sarah James has some ideas 
> > involving the ground-based EISCAT data, part of which is 
> propietary. I 
> > know that most
> > (all?) of the NASA datasets are public, but do other 
> members of IVOA 
> > have propietary datasets they'd like to work into workflows?
> >
> > cheers,
> > Elizabeth
> >
>