[Pgi-wg] OGF PGI - Security Model - VOMS Attribute Certificate Format

Etienne URBAH urbah at lal.in2p3.fr
Thu Mar 26 12:14:13 CDT 2009 

Vincenzo,

Concerning the full list of VOMS extensions with their meaning and syntax :

Thank you very much for the link to the 'VOMS Attribute Certificate 
Format' document.  I have added it inside 'PGI / Input Documents / 
Security Material'.

For the sake of interoperability, I suggest that you reverse the 
statement written in chapter 4.2 'KeyUsage extension'.  I propose :
For interoperability of authentication through X509 certificates and 
X509 proxies, this extension MAY be absent.

Best regards.

----------------------------------
Etienne URBAH          IN2P3 - LAL
Bat 200     91898 ORSAY     France
Tel: +33 1 64 46 84 87
Mob: +33 6 22 30 53 27
Skype: etienne.urbah
mailto:urbah at lal.in2p3.fr
----------------------------------


On Wed, 25 Mar 2009, Vincenzo Ciaschini wrote:
> Etienne URBAH wrote:
>> Duane,
>>
>>
>> Thank you for your comments.  Please find the original text and my 
>> answers inline.
>>
>>
>> Beyond that :
>>
>> 7.9) Semantics and syntax of VOMS extensions and Restriction attributes
>> -----------------------------------------------------------------------
>> I would like to describe (for example in new section 7.9) the 
>> semantics and syntax of a RESTRICTED list of VOMS extensions and 
>> Restriction attributes that all grid clients MAY use and that all grid 
>> services MUST understand.
>>
>> Does anybody have links to such lists ?
>>
>> -  For VOMS extension, the example below gives :
>>    VO,  subject,  issuer,  attribute,  timeleft,  uri
> Just for clarity: attribute is indeed a list of attributes.  There may 
> be more than one.
> 
> Also, information from more than one VO may be present.
>>
>> I agree that we have to describe the full list of VOMS extensions with 
>> their meaning and syntax (or provide a link to the relevant VOMS 
>> specification).
> How about this?
> https://forge.gridforum.org/sf/go/doc13797
> (also referenced in the strawman doc)
> 
> If it is unclear, I'd love to receive comments.
> 
> Ciao,
>    Vincenzo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4919 bytes
Desc: S/MIME Cryptographic Signature
Url : http://www.ogf.org/pipermail/pgi-wg/attachments/20090326/f6230073/attachment.bin

More information about the Pgi-wg mailing list