[glue-wg] Who publishes UserDomains?
Burke, S (Stephen)
stephen.burke at stfc.ac.uk
Fri Dec 19 06:18:27 CST 2008
glue-wg-bounces at ogf.org
> [mailto:glue-wg-bounces at ogf.org] On Behalf Of Paul Millar said:
> Here's a potentially tricky question: who publishes the
> UserDomain objects?
At the schema level we don't define anything about how things are
published. Even at the level of the concrete representation it isn't
necessarily defined, for example the current LDAP DIT reflects the "site
bdii" structure in which things are published but it wouldn't
necessarily have to be like that. If the UDs are published at all I
would guess that they would be most naturally published with the VOMS
servers, either directly with the service or in some other way by the
hosting site. However, there are other possibilities, e.g. centrally
(all EGEE VOs from CERN?) or ad hoc (someone in each VO makes
arrangements at a local site somewhere).
> 1. The SE publishing agent creates its own set of UserDomain
> objects; given
> this, it knows the UserDomain.ID
No, it can't do that!
> 2. The SE queries for existing UserDomain objects for ones
> matching its
> requirements, so discovering the appropriate ID
I think you would configure it statically, not try to get it
dynamically. However, I suggest you don't worry about it at this stage;
I'm skeptical that UDs will be published at all, and even if they are
I'm not sure if you would actually bother to fill in all the Policy-UD
references as there might well be no use cases that would need to
navigate them. Anyway this isn't conceptually different from other
potentially cross-site relations, like CE -> SE.
> How does a client know which set of UserDomain objects
> is really the VO "ATLAS"?
It (probably) doesn't care, it just knows that rules in a particular
schema have forms like "VO: atlas" or "VOMS: /atlas/*".
Stephen
--
Scanned by iCritical.
More information about the glue-wg
mailing list