[OGSA-AUTHZ] Next Telecon
David Chadwick
d.w.chadwick at kent.ac.uk
Wed Nov 1 10:02:57 CST 2006
Alan
I dont think your use case disagrees with what I am suggesting, which is
on every v-p-i the user says which attribute is to be primary one (or not)
regards
David
Alan Sill wrote:
>
> On Oct 31, 2006, at 3:59 PM, David Chadwick wrote:
>
>> Why cant it? I thought the ACs were created on demand for the user and
>> were different for different grid jobs. In which case, when the VOMS
>> server creates the AC for the particular job, it puts the two attributes
>> (primary and all) inside the one AC.
>
> They're different for every voms-proxy-init, which is basically a
> grid-proxy-init step that contacts a VOMS server. Thus they will be
> different for every issuance of v-p-i but may be the same across jobs.
>
> A typical use case might be that the user wants to submit to a given
> VO's resources, does a v-p-i with argument -voms (VO VOMS server)
> including possibly the assertion of group membership or role, does the
> submissions, which could be a large number. May use that VOMS proxy for
> an extended period of time for multiple operations. Up[on wanting to
> switch to a different VO or a different group or role within the VO,
> does a new voms-proxy-init and gets a new proxy. repeat as necessary.
>
> VOMS proxy certs can be extended, destroyed, etc. just as grid proxies.
>
> Alan Sill, Ph.D
> TIGRE Senior Scientist
> High Performance Computing Center
> TTU
>
> ====================================================================
> : Alan Sill, Texas Tech University Office: Admin 233, MS 4-1167 :
> : e-mail: Alan.Sill at ttu.edu ph. 806-742-4350 fax 806-742-4358 :
> ====================================================================
>
>
>
--
*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick at kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://sec.cs.kent.ac.uk
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5
*****************************************************************
More information about the ogsa-authz-wg
mailing list