[caops-wg] Name Constraints - attempt at framing issues
Mike Helm
helm at fionn.es.net
Fri Oct 14 15:22:07 CDT 2005
"Cowles, Robert D." writes:
> > them? Building a whole trust infrastructure on untrusted TTPs is a
> > pointless exercise in futility.
>
> Yes ... well, it was pointed out at the last EUgridPMA meeting
> that the VO's go thru almost the exact same process to register
> people ... so what value did the CA's provide?
Well, I don't know what discussion took place at the last EUGrid PMA meeting,
since I was not permitted to attend by local forces, however,
the choice of how VO's manage their affairs in the US is almost entirely
up to them. DOEGrids certainly has some VOs who register members and
issue certificates directly. Why US HE physics grids don't integrate
these functions more directly I don't know. I have raised this question
several times, recently with OSG, and ... nothing. Probably this is some
optimization of the process that has so far remained invisible
to me. Or perhaps some merge certification & integration and some don't, but it has been
my impression that certification and registration were kept
completely separate. Maybe the system is adequate despite its
lack of esthetic appeal. Don't know.
More information about the caops-wg
mailing list