[glue-wg] DENY rules
Burke, S (Stephen)
S.Burke at rl.ac.uk
Mon Apr 14 14:57:52 CDT 2008
Paul Millar [mailto:paul.millar at desy.de] said:
> > VOMS:/atlas/*:EXCEPT:/atlas/higgs
[...]
> What you describe is an invalid FQAN.
In what sense? Obviously the entire string
(/atlas/*:EXCEPT:/atlas/higgs) is not an FQAN, but if that were the
format then you would parse it into two pieces first (I don't think : is
valid in FQANs, although I could be wrong, and you could use some other
separator). If you mean that /atlas/* isn't a valid FQAN that's true in
a strict sense, but it is valid according to the matching rules now
being adopted in EGEE. If your point is that you need to know which
format is being used, the suggestion was to have two separate
PolicyScheme types, one without DENY or equivalent and one with.
Stephen
More information about the glue-wg
mailing list