[glue-wg] DENY rules
Sergio Andreozzi
sergio.andreozzi at cnaf.infn.it
Tue Apr 15 09:01:06 CDT 2008
Laurence Field wrote:
> If this syntax is required, it should be defined by the group that
> defines FQANs. There are many places in the architecture where such
> matchmaking takes place and the information system is just one of
> them. The problem within EGEE, as you stated was that the method of
> matchmaking in LCMAPS and the WMS was not consistent. I realize that
> some of us involved in Glue would also be involved in the other
> discussion but we need to separate these different roles. We should
> not define this syntax but reference where this syntax if defined. If
> this syntax has not been defined we need to state this and not make
> invent one.
my colleagues sitting in my office which work on AuthZ are doing this
work for EGEE-3. They are defining a simple syntax for sysadmin to write
blacklist/whitelist rules about services which then will be
automatically translated to XACML.
They will close this spec in about 2 weeks, therefore I would suggest we
sync with them and we put this for public comments in GLUE 2.0.
I will produce the draft for the next telecon on Computing.
Sergio
More information about the glue-wg
mailing list