[SAGA-RG] One final thing to agree upon for SD
Sylvain Reynaud
Sylvain.Reynaud at in2p3.fr
Tue Nov 18 12:40:31 CST 2008
Steve Fisher a écrit :
> Hi,
>
Hi Steve,
> After discussing this we do not have a perfect solution. It has been
> pointed out that it is difficult to represent the authz information in
> a grid independent manner. However I would like to get the spec out.
> If after implementation and practical experience it proves to be be
> not suitable we will just have to come out with a new version.
>
> So I propose to make the authz filter more like the other filters
> except that the attribute names will not be defined in the
> specification.
... and except the authz filter can be omitted. Do you keep the
possibility to automatically create a default authz filter with the
attributes of provided SAGA contexts, when the authz filter is omitted ?
> I would suggest that we recommend some names such as
> 'VO', 'Group' and 'Role' while admitting that different
> implementations may choose different interpretations of these
> attributes. I would also remove the 'VO' as an attribute of a service.
> For example an explicit, but simple, authz filter might be:
>
> VO='atlas' AND Role ='Production'
>
> For EGEE/gLite it seems that the authz rules might be rather complex
> expressed this way so we may provide a function to convert gLite authz
> rules to this format. However this is gLite specific and will NOT be
> part of the spec.
>
> If I hear no objections I will recirculate my list of changes to make
> to the current version of the spec - and then start work ...
>
It's OK for me.
Sylvain
> Steve
> --
> saga-rg mailing list
> saga-rg at ogf.org
> http://www.ogf.org/mailman/listinfo/saga-rg
>
More information about the saga-rg
mailing list