Authentication: namespace constraints, certificate profile
Audit Event Logging: near-term guidelines document
Security complexity and some personal reflection: CA release procedure, glExec and site acceptance of security middleware, VO naming, and do ‘normal’ people still understand us?