[glue-wg] Comparison with CIM
Burke, S (Stephen)
S.Burke at rl.ac.uk
Tue Apr 29 11:07:03 CDT 2008
glue-wg-bounces at ogf.org
> [mailto:glue-wg-bounces at ogf.org] On Behalf Of Paul Millar said:
> My view is GLUE
> simply shouldn't publish any ACL information: a simple link
> from UserDomain
> to the objects that UserDomain might interact with should be
> sufficient,
> right? At worse, people try a service and find out they're
> not authorised
> (which is an inevitable possibility, as GLUE can never
> publish all ACEs).
I think a key point in all these discussions is to remember that we're
always striking a balance, and practicality is more important than
purity. It's certainly true that we can't publish all ACLs at an
arbitrary level of detail. On the other hand the main purpose of GLUE is
to allow a client to prune the range of resources it has to deal with -
if you have to contact 500 services to find the one that authorises you
then you probably have a problem. I think the way to deal with that is
for the schema to define the format, and individual grids can then
decide what level of detail is needed for their community.
Stephen
More information about the glue-wg
mailing list