[Pgi-wg] OGF PGI - Security Strawman
Aleksandr Konstantinov
aleksandr.konstantinov at fys.uio.no
Fri Mar 27 08:40:09 CDT 2009
On Friday 27 March 2009 14:39, Morris Riedel wrote:
> But Aleksandr - I think we all agree to the VOMS scenario - come on that’s
> something where we can't go currently... :-)
As I already said I'm not suggesting to profile other information whihc can be used for authorization.
I said that such information should not be disallowed. Just write profile in such way that other options
are up to deployment. Currently all sentence are read on this mailing lists looked like requiring only
listed options to be used for authorization. And this is wrong from my point of view.
A.K.
>
> ------------------------------------------------------------
> Morris Riedel
> SW - Engineer
> Distributed Systems and Grid Computing Division
> Jülich Supercomputing Centre (JSC)
> Forschungszentrum Juelich
> Wilhelm-Johnen-Str. 1
> D - 52425 Juelich
> Germany
>
> Email: m.riedel at fz-juelich.de
> Info: http://www.fz-juelich.de/jsc/JSCPeople/riedel
> Phone: +49 2461 61 - 3651
> Fax: +49 2461 61 - 6656
>
> Skype: MorrisRiedel
>
> "We work to better ourselves, and the rest of humanity"
>
> Sitz der Gesellschaft: Jülich
> Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498
> Vorsitzende des Aufsichtsrats: MinDirig'in Bärbel Brumme-Bothe
> Vorstand: Prof. Dr. Achim Bachem (Vorsitzender),
> Dr. Ulrich Krafft (stellv. Vorsitzender)
>
>
> >------Original Message-----
> >-From: Aleksandr Konstantinov [mailto:aleksandr.konstantinov at fys.uio.no]
> >-Sent: Friday, March 27, 2009 1:29 PM
> >-To: Morris Riedel
> >-Subject: Re: [Pgi-wg] OGF PGI - Security Strawman
> >-
> >-On Friday 27 March 2009 12:24, you wrote:
> >-> Aleksandr,
> >->
> >-> could you give me one example for this:
> >->
> >-> >- I do support idea of attribute based authorization. But can't
> understand
> >-> why other information authenticating the client should be disallowed
> from
> >-> making authorization decision.
> >->
> >->
> >-> I seek to understand what you mean.
> >-
> >-
> >-Most brutal example would be DN of X.509 certificate.
> >-More sophisticated could be distrust of specific computing resource for
> specific
> >-VOMS service.
> >-
> >-A.K.
>
More information about the Pgi-wg
mailing list