[glue-wg] Endpoint.TrustedCA and ComputingEndpoint.TrustedCA Inconsistency in GFD147

stephen.burke at stfc.ac.uk
Fri Nov 2 06:09:21 EDT 2012


Florido Paganelli [mailto:florido.paganelli at hep.lu.se] said:
> I don't like this approach of "definition by needs".

This seems to be our fundamental difference of opinion; I would say that the *only* criterion is definition by needs. Our main incentive to make GLUE 2 at all was precisely that GLUE 1 was too inflexible and didn't allow enough adaptation as needs changed, so we defined a structure which would make it much easier to redefine or extend the usage without needing a schema change.

> I don't get the point. Since you claim that such information is not used, I
> don't understand why gLite publishes it at all.

Publishing nothing would be a possibility, but "IGTF" does describe the real situation - see the EGI documentation here:

https://wiki.egi.eu/wiki/EGI_IGTF_Release

That opens the possibility of publishing additional CAs if necessary without having to repeat all the common information.

> Please explain how gLite clients understand what the TrustedCAs are that
> such a label represents, if they do. I'll be happy to produce any solution from
> that.

As I said, currently gLite clients don't do anything; they just assume that all CAs relevant to a given VO will be allowed if the VO itself is allowed, and that works due to the EGI (and EGEE and LCG) policies and the practice at the sites.

Stephen


