[gin-auth] VO naming
Oscar Koeroo
okoeroo at nikhef.nl
Wed Mar 1 09:48:15 CST 2006
Hi all,
Next week I'll be giving a short 0,75 hour presentation on this topic at
the Middleware Security group meeting @ CERN.
The focus is to inform people about this topic in short and simple terms
to create a focussed discussion.
Ofcourse some speech needs to be applied to the slides but it should
leverage the common idea.
I think we are still open for new input and also in the focus of making
a (short term) decision afterwards concidering the 'N' in GIN.
Penny for your thoughts?
Oscar
Catlett Charlie wrote:
> A TLD would take some time to sell (and might not be achievable).
>
> But <something>.<existing_TLD> is certainly easy.
>
> GGF owns ggf.net by the way, but it's not used.
>
> One could also imagine something like <gridname>.ggf.net ?
>
> CeC
>
>
> On Feb 24, 2006, at 8:48 AM, Dane Skow wrote:
>
>>
>> It's not the first time a .grid TLD idea has come up. I don't know
>> what is involved in creating one. I'm sure it's not trivial, but
>> none of the country codes or .org/.com/.biz really fit.
>>
>> As of 2 minutes ago, I now own the grid.name domain so we might use
>> that one. It doesn't have well established connotations (though I
>> believe the intendition is for it to be used for individuals'
>> names). It has a nice naming ring. Something to consider.
>>
>> I fully agree that "good enough" beats "better but not quite
>> available/robust" !
>>
>> (Note, I changed the mailing list over to the new gin-auth one.
>> Let's stop using mgi.)
>>
>> Dane
>>
>> On Feb 24, 2006, at 12:47 AM, <Rhys.Francis at csiro.au> wrote:
>>
>>> Hi
>>>
>>> Well that's interesting because the issue I raised concerned the fact
>>> that VO names weren't fully qualified names in any global sense, so
>>> once
>>> we recognise other people's CA's and then VOMS servers, partial
>>> qualification would no longer work.
>>>
>>> Afterwards I wondered if we should just use dns to qualify names, and
>>> then I wondered if we could get a .grid domain (and if not perhaps
>>> .grid.net domain). We could let Dane run it :), then he can create a
>>> subdomain for each grid then we can call our VO servers and our VOs,
>>> whatever we like, if our software fully qualifies a right with the
>>> domain name of the server and its list of VO, groups and subgoups in
>>> which the right is defined.
>>>
>>> I am not an expert on dns and domain name spoofing so I don't know
>>> if it
>>> is a good or a bad idea.
>>>
>>> The problem of the ontologies used by VO servers and hence the
>>> identifiers used to denote rights seems hard, especially as the rights
>>> are enacted by gateway services (not by the VO server), so a common
>>> way
>>> of specification for gateway actions is required if we are to agree
>>> on a
>>> set of common rights. I think this means we need the smallest
>>> possible
>>> set of the simplest possible rights to start with.
>>>
>>> Rhys
>>>
>>> 0417 376 476
>>> 03 9669 8135
>>>
>>>
>>>
>>>
>>> -----Original Message-----
>>> From: owner-mgi-auth at ggf.org [mailto:owner-mgi-auth at ggf.org] On Behalf
>>> Of Olle Mulmo
>>> Sent: Thursday, 23 February 2006 10:18 PM
>>> To: mgi-auth at ggf.org
>>> Subject: [mgi-auth] FYI: VO naming
>>>
>>>
>>>
>>> The issue of VO names came up at the GGF sessions last week. This is
>>> just an FYI to let people know that EGEE has taken the approach of
>>> DNS-alike, hierarchical names. ("Alike" in the sense that an actual
>>> DNS entry is not required, but that it should be a reasonable
>>> confidence that no name space clashes will occur.)
>>>
>>> Unfortunately, this naming convention has not been enforced to date.
>>>
>>> /O
>>>
>>> PS. Shouldn't this mailing list get renamed?
>>>
>>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: MWSG-mrt-7-8-2006-VOMS-Naming.ppt
Type: application/vnd.ms-powerpoint
Size: 644096 bytes
Desc: not available
Url : http://www.ogf.org/pipermail/gin-auth/attachments/20060301/c607ed18/attachment.ppt
More information about the gin-auth
mailing list