[SAGA-RG] Fwd (tatebe at cs.tsukuba.ac.jp): ACL's in SAGA

Andre Merzky andre at merzky.net
Fri Sep 8 09:16:45 CDT 2006


Problem with a real group dn is that we would need to expose
that at the security context, but actually can't (in
reality), as we don't know what that would look like in
Globus, gLite, GFS etc.

The example Osamu refers to currently reads:

  dn_user  = "O=dutchgrid, O=vu, CN=Andre Merzky";
  dn_group = "O=dutchgrid, O=vu, CN=*";

I would propose to extend the example, with:

  dn_group = "O=dutchgrid, O=project-123, CN=*";

where this DN would be issued to multiple users, belonging
to that project, which is not in an organizational name
space.

What do you think?

Andre.


Quoting [Thilo Kielmann] (Sep 08 2006):
> 
> As promised, here is the condensed feedback from Osamu (chair GFS-WG)
> about the use of ACL's in SAGA:
> 
> ----- Forwarded message from Osamu Tatebe <tatebe at cs.tsukuba.ac.jp> -----
> > 
> > In my personal opinion, group (or virtual organization) should not be
> > related to the user's dn since the user's dn is basically issued by an
> > organization he belongs to.  Group should be formed more flexibly,
> > although I am not sure there is a standard candidate of the group or
> > not.
> 
> In my personal opinion, this means we should modify our example of
> the group ACL, then showing a more "virtual organization" in there.
> (At the end, it will be a "group DN" ???)
> 
> Regards,
> 
> 
> Thilo
-- 
"So much time, so little to do..."  -- Garfield
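
Added example, not part of the original message or of the SAGA specification: one way a group ACL could evaluate the two `dn_group` patterns quoted above against the DNs a user holds. The matching rule (component by component, `*` standing for exactly one whole value, commas never appearing inside values), the function names, the group labels and the sample users are all assumptions made for illustration.

```python
# Added illustration; the matching rules below are assumptions, not SAGA's.

def parse_dn(dn):
    """Split 'O=a, O=b, CN=c' into [('O', 'a'), ('O', 'b'), ('CN', 'c')]."""
    rdns = []
    for part in dn.split(","):  # assumes no escaped commas inside values
        key, sep, value = part.strip().partition("=")
        if not sep or not key.strip() or not value.strip():
            raise ValueError(f"malformed component in {dn!r}: {part!r}")
        rdns.append((key.strip().upper(), value.strip()))
    return rdns

def dn_matches(pattern, dn):
    """True if dn matches pattern component by component.

    '*' replaces one whole value. It never absorbs extra components, so a
    DN with additional fields appended cannot slip into the group, which a
    plain string glob over the whole DN would allow.
    """
    p, d = parse_dn(pattern), parse_dn(dn)
    if len(p) != len(d):
        return False
    return all(pk == dk and (pv == "*" or pv == dv)
               for (pk, pv), (dk, dv) in zip(p, d))

def groups_for(user_dns, group_acl):
    """Sorted names of the groups matched by any DN the user holds."""
    return sorted(name for name, pattern in group_acl.items()
                  if any(dn_matches(pattern, dn) for dn in user_dns))

# Constructed sample data, built from the DNs quoted in the message.
GROUP_ACL = {
    "vu-staff":    "O=dutchgrid, O=vu, CN=*",           # organizational
    "project-123": "O=dutchgrid, O=project-123, CN=*",  # project based
}
ANDRE = ["O=dutchgrid, O=vu, CN=Andre Merzky",
         "O=dutchgrid, O=project-123, CN=Andre Merzky"]
OUTSIDER = ["O=dutchgrid, O=other, CN=Some User"]       # hypothetical user

if __name__ == "__main__":
    print(groups_for(ANDRE, GROUP_ACL))      # both groups
    print(groups_for(ANDRE[:1], GROUP_ACL))  # organizational DN only
    print(groups_for(OUTSIDER, GROUP_ACL))   # no group
```

With only the organizational DN the user falls into the organization-wide group alone; membership in the project group requires the separately issued project DN.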


