[glue-wg] Endpoint.TrustedCA and ComputingEndpoint.TrustedCA Inconsistency in GFD147
JP Navarro
navarro at mcs.anl.gov
Thu Nov 1 16:01:04 EDT 2012
An ideal design might be to support named collections of CAs where any number of services across an entire federation can reference these named collections. A detailed description of what is in a named collection would only need to exist in one place within a federation.
First I think it's important to confirm that we indeed have NO uses for this today. Does anyone know of any?
Second I would propose that we open up the floor to proposed solutions. Discussing a proposed solution, and even coming to a consensus, doesn't mean we have to change the current GLUE 2 specification. The community can first try to implement a consensus solution, or multiple solutions, and at some future point decide which of these we want to integrate into a future GLUE2 revision.
In short, we need to confirm we aren't breaking any known uses and implementations while we explore solutions.
JP
On Nov 1, 2012, at 2:50 PM, <stephen.burke at stfc.ac.uk> wrote:
> JP Navarro [mailto:navarro at mcs.anl.gov] said:
>> Could these strings be a hash of a DN?
>
> That wouldn't help much, the problem is the number of CAs more than the length of each one.
>
>> How many TrustedCAs are we thinking might need to be published for each
>> endpoint, and how much data is that really? Do we think it would
>> significantly impact the performance of our information systems to publish
>> multiple collections of TrustedCA strings?
>
> At a quick count, I get 89 CAs and about 5 KB of data, compared with about 2 KB currently in an Endpoint - and that for something for which, as far as I know, we have no uses, and which would be duplicated several thousand times over. For the BDII I think publishing that would not make any sense.
>
> Stephen