[OGSA-AUTHZ] Next Telecon
Alan Sill
Alan.Sill at ttu.edu
Tue Oct 31 16:26:22 CST 2006
On Oct 31, 2006, at 3:59 PM, David Chadwick wrote:
> Why cant it? I thought the ACs were created on demand for the user and
> were different for different grid jobs. In which case, when the VOMS
> server creates the AC for the particular job, it puts the two
> attributes
> (primary and all) inside the one AC.
They're different for every voms-proxy-init, which is basically a
grid-proxy-init step that contacts a VOMS server. Thus they will be
different for every issuance of v-p-i but may be the same across jobs.
A typical use case might be that the user wants to submit to a given
VO's resources, does a v-p-i with argument -voms (VO VOMS server)
including possibly the assertion of group membership or role, does
the submissions, which could be a large number. May use that VOMS
proxy for an extended period of time for multiple operations. Up[on
wanting to switch to a different VO or a different group or role
within the VO, does a new voms-proxy-init and gets a new proxy.
repeat as necessary.
VOMS proxy certs can be extended, destroyed, etc. just as grid proxies.
Alan Sill, Ph.D
TIGRE Senior Scientist
High Performance Computing Center
TTU
====================================================================
: Alan Sill, Texas Tech University Office: Admin 233, MS 4-1167 :
: e-mail: Alan.Sill at ttu.edu ph. 806-742-4350 fax 806-742-4358 :
====================================================================
More information about the ogsa-authz-wg
mailing list