[glue-wg] Thoughts on WLCG storage accounting use-cases
Burke, S (Stephen)
stephen.burke at stfc.ac.uk
Fri Dec 19 06:29:32 CST 2008
Paul Millar [mailto:paul.millar at desy.de] said:
> Without linking the Policy object to a
> UserDomain, one forces
> the GLUE client to understand the authorisation schema to
> decide whether members of the UG are allowed to access it.
It's certainly true that the client has to understand the authz scheme,
but that's true regardless, it has nothing to do with the UDs, and the
UDs are unlikely to offer any help to a client in interpreting authz
rules.
> Multiple MappingPolicy objects MAY refer to the same
> Share object. If so,
> these MappingPolicy objects SHOULD have different
> authorisation schemata.
I'm not sure if we can make it that strong because I have no idea what
other authz schemes might look like! Basically it would be up to any
grid/community devising a scheme to make sure that what it did was
consistent and workable.
Stephen
--
Scanned by iCritical.
More information about the glue-wg
mailing list