Seamlessness of Delegation (UNCLASSIFIED)
- To: <myproxy-users@ncsa.uiuc.edu>
- Subject: Seamlessness of Delegation (UNCLASSIFIED)
- From: "Friedrichs, Paul D CTR DISA PEO-IAN" <Paul.Friedrichs.ctr@disa.mil>
- Date: Thu, 12 Apr 2007 12:04:15 -0400
- Content-class: urn:content-classes:message
- Content-transfer-encoding: 8bit
- Content-type: text/plain; charset="us-ascii"
- Sender: owner-myproxy-users@ncsa.uiuc.edu
- Thread-index: Acd9HDY2kXC1WE5cRIO6f5ffZTkNvQ==
- Thread-topic: Seamlessness of Delegation (UNCLASSIFIED)
Classification: UNCLASSIFIED
Caveats: NONE
Another thought...
At the moment, I am less interested in mobile users or in large batch
jobs performed by supercomputers. I'm mostly trying to address the
non-technical user's query-response where intermediaries may need to be
involved. I need to assume the various entities are part of a governed
community but are nevertheless (or are owned by) diverse, independent
stakeholders. Human users are used to the "single sign-on" experience. I
understand that a proxy credential can enable a single sign-on situation
for the user, but the user may wish to use several different proxies,
and would expect (demand, actually) the authorization of these several
proxies to be as seamless as possible. I completely agree that there
should be an unambiguous ceremony associated with the business act of
authorizing the proxy, but everything else should be invisible.
I'm not suggesting that proxy credentials are necessary for the
following scenario, but it is easy for me to use to describe what I'm
striving for: After clicking on a particular button on buybooks.com, I
should see, "Are you sure you want to authorize buybooks.com to purchase
the book 'Into Thin Air,' by John D, Smith on your behalf at a price no
higher than 13$US no later than 12 EST 3 May 2007?" When I click "OK,"
the user's experience should be complete. But under the hood, as I
understand things, my client would put a proxy credential to a MyProxy
server and inform buybooks.com, and buybooks.com would get the proxy
credential and start looking for me. Aside from the specificity of the
delegation, I understand that this level of automation, if it does not
already exist, can be added above what may be the current
client/libraries. I'm wondering whether this is the sort of thing the
MyProxy community has been considering - essentially supporting
non-technical users.
Thanks again,
Paul
Classification: UNCLASSIFIED
Caveats: NONE