The CAOPS Working Group, part of the Standards Security Area, is concerned with the organization of operational aspects of 'cross-grid' authentication. As such, it maintains strong links with the International Grid Trust Federation (IGTF), concerned with the actual implementation of guidelines and accreditation of authentication providers.
Closely related activities occur in the area of conveying authentication decisions, and the associated standards in the WS and PKI domains.
- Grid Certificate Profile (editors: D. Groep, M. Helm, J. Jensen, M. Sova, S. Rea, R. Karlsen-Masur, U. Epting, M. Jones)
Documents currently under consideration by the CAOPS-WG
- Audit Guidelines (editor: Yoshio Tanaka, Matt Viljoen, Scott Rea)
- Provide guidelines for auditing CAs
- Auditing Check List
- Authentication Service Profile (editors: Christos Kanellopoulos, David Groep)
- Definition of what and Authentication Profile is
- Requirements for writing Authentication Profiles
- this acts as the document template for the Authentication Profiles used in the IGTF
- Relying Party Defined Namespace Policies (editors: David Groep, Olle Mulmo, Von Welch)
- Identify the requirements on the expression of the namespace constraints policy and on the processing and interpretation semantics of the policy by the relying parties
- document the existing signing_policy file format
- discuss alternatives to this format
- A gap analysis of current LoA definitions versus LoA requirements in e-Science/Grid context (editor: Mike Jones, et.al.)
- give an overview of current LoA definitions and the related efforts
- identify gaps between these definitions and the potential use of LoA in the e-Science/Grid context.
- OCSP requirements for Grids (editors: Olle Mulmo, Mike Helm, Jesus Luna, Oscar Manso, Milan Sova)
- requirements on relying parties and responders,
- service architecture options,
- site caches, clearing house, high-level responders
- A risk analysis in relation to LoA and use case gathering in an e-Science context (editor: Mike Helm)
- Present a risk analysis from the prospective of relying parties (or service providers)