[Pgi-wg] OGF PGI - Security Model - VOMS Attribute Certificate Format
Etienne URBAH
urbah at lal.in2p3.fr
Thu Mar 26 12:14:13 CDT 2009
Vincenzo,
Concerning the full list of VOMS extensions with their meaning and syntax :
Thank you very much for the link to the 'VOMS Attribute Certificate
Format' document. I have added it inside 'PGI / Input Documents /
Security Material'.
For the sake of interoperability, I suggest that you reverse the
statement written in chapter 4.2 'KeyUsage extension'. I propose :
For interoperability of authentication through X509 certificates and
X509 proxies, this extension MAY be absent.
Best regards.
----------------------------------
Etienne URBAH IN2P3 - LAL
Bat 200 91898 ORSAY France
Tel: +33 1 64 46 84 87
Mob: +33 6 22 30 53 27
Skype: etienne.urbah
mailto:urbah at lal.in2p3.fr
----------------------------------
On Wed, 25 Mar 2009, Vincenzo Ciaschini wrote:
> Etienne URBAH wrote:
>> Duane,
>>
>>
>> Thank you for your comments. Please find the original text and my
>> answers inline.
>>
>>
>> Beyond that :
>>
>> 7.9) Semantics and syntax of VOMS extensions and Restriction attributes
>> -----------------------------------------------------------------------
>> I would like to describe (for example in new section 7.9) the
>> semantics and syntax of a RESTRICTED list of VOMS extensions and
>> Restriction attributes that all grid clients MAY use and that all grid
>> services MUST understand.
>>
>> Does anybody have links to such lists ?
>>
>> - For VOMS extension, the example below gives :
>> VO, subject, issuer, attribute, timeleft, uri
> Just for clarity: attribute is indeed a list of attributes. There may
> be more than one.
>
> Also, information from more than one VO may be present.
>>
>> I agree that we have to describe the full list of VOMS extensions with
>> their meaning and syntax (or provide a link to the relevant VOMS
>> specification).
> How about this?
> https://forge.gridforum.org/sf/go/doc13797
> (also referenced in the strawman doc)
>
> If it is unclear, I'd love to receive comments.
>
> Ciao,
> Vincenzo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4919 bytes
Desc: S/MIME Cryptographic Signature
Url : http://www.ogf.org/pipermail/pgi-wg/attachments/20090326/f6230073/attachment.bin
More information about the Pgi-wg
mailing list