[voms-proc-wg] VOMSPROC WG session and strawman document
Jens Jensen
j.jensen.ral at gmail.com
Thu Oct 11 13:20:52 EDT 2012
Hi Andrea
No comment on your first comment but on the second, we are going to come up
with a precise description version of the algorithm. The current doc is
meant to outline the idea and we then make it more precise (no doubt
discovering interesting questions that we had not thought about before in
the process.)
Cheers
--jens
On Oct 11, 2012 4:34 AM, "Andrea Ceccanti" <andrea.ceccanti at cnaf.infn.it>
wrote:
> Hi David,
>
> just a couple of preliminary comments (unfortunately I will not attend the
> meeting)
>
> - I've already shared at large my perplexities about having more than one
> AC in the VOMS extension.
> I think that was a design flaw. There are no use cases. The VOMS AC format
> and all documents in preparation
> should be updated to address this flaw, as the VOMS libraries are.
>
> - Computing the intersection of a set of attributes coming from several
> ACs in the chain poses the problem of
> stating how the order of the attributes is computed when is different in
> the ACs. The document should address
> this, e.g. proposing that the the order of the AC result of the original
> user delegation is enforced.
>
> Cheers,
> Andrea
>
>
>
> Il 10/10/12 21.47, David Groep ha scritto:
>
>> Dear all,
>>
>> In preparation for the VOMSPROC WG session, the Redmine project for
>> the WG has been populated (finally), and the list of documents and the
>> agreed rough outline added to the Wiki
>>
>> http://redmine.ogf.org/**projects/voms-proc-wg/wiki<http://redmine.ogf.org/projects/voms-proc-wg/wiki>
>>
>> There is also a strawman document for the first work item ("VOMS
>> Attribute Certificate Parsing Rules for Chained Identity Credentials")
>> which I admit it incomplete (it lacks a description of how today the
>> 'primary FQAN' is determined), but at least should have enough
>> controversial material in it to trigger discussion.
>>
>> Please go to the OGF redmine project at
>> http://redmine.ogf.org/**projects/voms-proc-wg<http://redmine.ogf.org/projects/voms-proc-wg>
>> and forward this information as relevant. Everyone is welcome to subscribe
>> to the mailing list (<http://www.ogf.org/**pipermail/voms-proc-wg/<http://www.ogf.org/pipermail/voms-proc-wg/>
>> >)
>> and lets hope we can get this done.
>>
>> In particular, we will soon need a discussion on the second work item
>> regarding SAML delegation and how to interpret effective attributes
>> in that context. VOMS can produce SAML statements, but I think the
>> issue is slightly wider and would benefit from such wider input.
>>
>> Hope to see many of you at the VOMSPROC WG session!
>>
>> Best,
>> DavidG.
>>
>>
>
> --
> INFN-CNAF
> ---------
> Andrea Ceccanti
> Via Ranzani 13/2 40127 Bologna, Italy
> phone: +39 051 6092845, fax: +39 051 6092916
> skype: andreaceccanti
> andrea.ceccanti at cnaf.infn.it
>
> ______________________________**_________________
> voms-proc-wg mailing list
> voms-proc-wg at ogf.org
> https://www.ogf.org/mailman/**listinfo/voms-proc-wg<https://www.ogf.org/mailman/listinfo/voms-proc-wg>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.ogf.org/pipermail/voms-proc-wg/attachments/20121011/4f125e25/attachment.html>
More information about the voms-proc-wg
mailing list