[gin-auth] Multiple VO membership (Some ramblings and 1 question).
Jensen, J (Jens)
J.Jensen at rl.ac.uk
Thu May 4 06:56:13 CDT 2006
> They both look quite usable, but NGS uses VDT middleware, Globus
> Toolkit 2.4.3 or Globus Toolkit 4 Pre Web services. Patching LCAS and
> LCMAPS into the gatekeepers running on these resources is a bit
> heavyweight. NGS is looking at moving towards it but it's
> still very much in the planning and testing mode.
IANAGKE (I am not a gatekeeper expert) but IIRC the gatekeeper was the
very first thing to have LCAS and LCMAPS patched into it, already back
in EDG. So it should be in the LCG and gLite releases. From p11 of
https://edms.cern.ch/file/572489/1/WMS-guide.pdf :
It is important to note that besides authentication, proxy credential issued by VOMS, i.e. containing
FQANs (Fully Qualified Attribute Names [R4]), are used by the WMS-UI to get the VO the user is
currently working for. If a given proxy credential contains attributes for more then one VO, than the
default one (i.e. the one first position) is considered.
I'm all for rolling up the sleeves (except I am usually in a tee shirt :-)
but we should also avoid duplication of effort. If someone is already
doing it, or has already done it, particularly as open source, then
no point in doing it again. Can VDT or Globus look into taking in
these patches?
Also a reminder, that a Shib-enabled gatekeeper is one of the goals
of EGEE (EGEE2 presumably); SWITCH told me they were going to work on it
but it depends on Shib2.
Thanks,
--jens
More information about the gin-auth
mailing list