[OGSA-AUTHZ] VOMS Primary Attribute

David Chadwick d.w.chadwick at kent.ac.uk
Wed Jan 31 10:31:28 CST 2007


Hi Vincenzo

If something is defined as a sequence, then order is important and it 
should be maintained.

So it would appear that you are doing things correctly in your 
implementation. Whether it is the best way of doing it or not is open 
to debate. But it is your implementation and your choice.

regards

David


Vincenzo Ciaschini wrote:
> Hi David,
> 
> David Chadwick wrote:
> 
>>
>> Valerio Venturi wrote:
>>
>>> On Mon, 2007-01-29 at 20:10 +0000, David Chadwick wrote:
>>>
>>>
>>>>> * VOMS profile
>>>>>   Discussed on Oct 16 telecon - minutes on list
>>>>>   Meaning of the primary type must be explicit rather than implicit
>>>>>   (as currently done via sequence)
>>>>>   Awaiting response from VOMS group
>>>
>>> What we haven't understood so far is why an explicit primary attribute
>>> is needed rather than an implicit one and what needs an eventual change
>>> in VOMS AC format would address.
>>
>>
>> Hi Valerio
>>
>> The OGSA Authz group is not saying that an explicit primary attribute 
>> is needed. It is saying that if you have a set of attributes, then 
>> they are all the same, and should be treated as all being the same, 
>> and you cannot imply something special for the first one in the list, 
>> since the order may not be maintained by intermediate processing 
>> nodes, or even by software modules within one system.
> Ahhhh....  I think that there is a misunderstanding here.  It is 
> certainly true that a single Attribute object may contain a SET OF 
> AttributeValue, thus creating the problem you just described.  However, 
> the VOMS attribute is defined as such, as you may also see in the profile:
> 
> name         : voms-attribute
> OID          : { voms 4 }
> syntax       : IetfAttrSyntax
> values       : Multiple not allowed
> 
> This means that only one value may be present in there.
> 
> The different FQAN are then encoded in that single value in a sequence.
> 
> Evaluating nodes are therefore required to keep the order to comply with ASN.1 
> decoding rules, thus eliminating the issue.
> 
> Ciao,
>    Vincenzo
> 
> 
> 

-- 

*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick at kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://sec.cs.kent.ac.uk
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5

*****************************************************************
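
An added illustration of the ordering point in this exchange, not code from any poster or from VOMS: the same FQANs are DER-encoded once as a SEQUENCE OF and once as a SET OF, and a "first value is primary" rule is applied to each. The FQAN values are constructed, and the encoder is a simplification that handles only short-form lengths and leaves out the rest of IetfAttrSyntax.

```python
# Added example (not from the thread): minimal DER TLV handling, short-form lengths only.
OCTET_STRING, SEQUENCE, SET = 0x04, 0x30, 0x31

def tlv(tag: int, content: bytes) -> bytes:
    if len(content) >= 128:
        raise ValueError("example supports short-form DER lengths only")
    return bytes([tag, len(content)]) + content

def encode_fqans(fqans, container_tag: int) -> bytes:
    """Encode FQANs as OCTET STRINGs inside a SEQUENCE OF or SET OF."""
    items = [tlv(OCTET_STRING, f.encode("ascii")) for f in fqans]
    if container_tag == SET:
        # DER (X.690) requires SET OF elements sorted by their encodings,
        # so the issuer's original order is not representable.
        items.sort()
    return tlv(container_tag, b"".join(items))

def decode_fqans(der: bytes) -> list:
    """Return the FQANs in the order they appear on the wire."""
    if (len(der) < 2 or der[0] not in (SEQUENCE, SET)
            or der[1] >= 128 or der[1] != len(der) - 2):
        raise ValueError("malformed container")
    out, pos = [], 2
    while pos < len(der):
        if pos + 2 > len(der) or der[pos] != OCTET_STRING or der[pos + 1] >= 128:
            raise ValueError("expected short-form OCTET STRING")
        end = pos + 2 + der[pos + 1]
        if end > len(der):
            raise ValueError("truncated element")
        out.append(der[pos + 2:end].decode("ascii"))
        pos = end
    return out

def primary_fqan(der: bytes) -> str:
    """Implicit-primary rule discussed in the thread: first FQAN wins."""
    fqans = decode_fqans(der)
    if not fqans:
        raise ValueError("no FQAN present")
    return fqans[0]

# Constructed sample FQANs; the issuer intends the first one as primary.
FQANS = ["/vo.example/production/Role=admin", "/vo.example", "/vo.example/analysis"]

if __name__ == "__main__":
    print("SEQUENCE OF primary:", primary_fqan(encode_fqans(FQANS, SEQUENCE)))
    print("SET OF primary:     ", primary_fqan(encode_fqans(FQANS, SET)))
```
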

