[glue-wg] DENY rules
Sergio Andreozzi
sergio.andreozzi at cnaf.infn.it
Mon Apr 14 17:18:35 CDT 2008
Hi Paul,
please, have a look at section 18.3 of the latest GLUE spec. There is an
initial draft of how rules can be specified using a 'basic' policy
scheme for GLUE:
basic rule ::= DN_RULE | VO_RULE | VOMS_RULE | ‘ALL’
DN_RULE ::= ‘dn:’ DN_NAME
VO_RULE ::= ‘vo:’ [a-zA-Z0-9-_\.]*
VOMS_RULE ::= ‘voms:’ VOMS_FQAN (‘EXCEPT’ VOMS_FQAN)?
we may want to use a different prefix than 'voms:' if this reminds one of
just FQAN.
> Although, defining "FQAN predicates" schema probably isn't part of what GLUE
> should be up to.
>
we need to address this because it is an important aspect of
interoperability. At least, we want to provide a basic scheme.
Cheers, Sergio
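
A strict parser for the basic rule grammar quoted in the message above, added here as an illustration; it is not part of the original post or of the GLUE specification. The shapes used for DN_NAME and VOMS_FQAN are assumptions, since the message does not define them, and the sample rules are constructed.

```python
import re
from typing import NamedTuple, Optional

# Character class for VO names, taken from the VO_RULE production above.
VO_NAME = re.compile(r"[a-zA-Z0-9_.\-]*")
# Assumption: a VOMS FQAN starts with "/" and contains no whitespace.
FQAN = r"/\S+"
VOMS = re.compile(rf"({FQAN})(?:\s+EXCEPT\s+({FQAN}))?")


class Rule(NamedTuple):
    kind: str                          # "all", "dn", "vo" or "voms"
    value: str                         # DN, VO name or FQAN ("" for ALL)
    except_fqan: Optional[str] = None  # only set for voms rules with EXCEPT


def parse_rule(text: str) -> Rule:
    """Parse one basic rule; raise ValueError for anything outside the grammar."""
    text = text.strip()
    if text == "ALL":
        return Rule("all", "")
    prefix, sep, body = text.partition(":")
    if not sep:
        raise ValueError(f"no rule prefix in {text!r}")
    if prefix == "dn":
        # Assumption: DN_NAME is any non-empty string.
        if not body:
            raise ValueError("empty DN")
        return Rule("dn", body)
    if prefix == "vo":
        # The draft's '*' quantifier also admits an empty VO name.
        if not VO_NAME.fullmatch(body):
            raise ValueError(f"invalid VO name {body!r}")
        return Rule("vo", body)
    if prefix == "voms":
        m = VOMS.fullmatch(body)
        if not m:
            raise ValueError(f"invalid VOMS rule {body!r}")
        return Rule("voms", m.group(1), m.group(2))
    raise ValueError(f"unknown rule prefix {prefix!r}")


if __name__ == "__main__":
    # Constructed sample rules, not taken from the spec.
    for s in ["ALL", "dn:/C=IT/O=Example/CN=Some User", "vo:atlas",
              "voms:/atlas/prod EXCEPT /atlas/prod/Role=guest"]:
        print(parse_rule(s))
```

Rejecting unknown prefixes and malformed bodies with an exception lets a consumer of published rules fail closed, so an unparseable rule is never treated as a grant.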