[SAGA-RG] One final thing to agree upon for SD

Steve Fisher dr.s.m.fisher at gmail.com
Tue Nov 18 07:42:24 CST 2008


Hi,

After discussing this we do not have a perfect solution. It has been
pointed out that it is difficult to represent the authz information in
a grid independent manner. However I would like to get the spec out.
If after implementation and practical experience it proves to be
not suitable we will just have to come out with a new version.

So I propose to make the authz filter more like the other filters
except that the attribute names will not be defined in the
specification. I would suggest that we recommend some names such as
'VO', 'Group' and 'Role' while admitting that different
implementations may choose different interpretations of these
attributes. I would also remove the 'VO' as an attribute of a service.
For example an explicit, but simple, authz filter might be:

VO='atlas' AND Role ='Production'

For EGEE/gLite it seems that the authz rules might be rather complex
expressed this way so we may provide a function to convert gLite authz
rules to this format. However this is gLite specific and will NOT be
part of the spec.

If I hear no objections I will recirculate my list of changes to make
to the current version of the spec - and then start work ...

Steve

