[glue-wg] DENY rules
Maarten.Litmaath at cern.ch
Maarten.Litmaath at cern.ch
Mon Apr 14 17:18:10 CDT 2008
Ciao Sergio,
> please, have a look at section 18.3 of latest GLUE spec. There is an
> initial draft of how rules can be specified using a 'basic' policy
> scheme for GLUE:
>
>
> basic rule ::= DN_RULE | VO_RULE | VOMS_RULE | ?ALL?
> DN_RULE ::= ?dn:? DN_NAME
> VO_RULE ::= ?vo:? [a-zA-Z0-9-_\.]*
> VOMS_RULE ::= ?voms:? VOMS_FQAN (?EXCEPT? VOMS_FQAN)?
How would one express that a VO "foo" has access except for the
groups /foo/bar and /foo/xyz?
More information about the glue-wg
mailing list