Hi Jens et al.,

On 11.05.06 12:53, Jensen, J (Jens) wrote:
Regardless of whether "we" build a validation authority or add to the middleware validation, someone still needs to build the validation code, and the language to specify what you want. The language should allow for checking not just policy oid but also key size and individual extensions, etc, IMHO. And be simple enough that anyone can implement an acceptance policy - no XML, no binary encodings.
I've been working on something like this and I hope to have the opportunity to describe it at the next EU Grid PMA meeting. The acceptance policy uses a Scheme-style S-Expression format, which admittedly has a lot in common with XML.
And as I mentioned earlier, if we add it to the middleware, it is best to go as far upstream as possible - OpenSSL ideally, or Globus. Document may need tweaking depending on where we go.
It will also need to work with other libraries, such as Bouncy Castle which is used for Java-based software (e.g. in gLite).

Kind regards,
David O'C
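Added example, not part of the original message and not the format either correspondent has in mind: a minimal S-expression acceptance policy that checks policy OID, key size and an extension, with a parser and evaluator small enough to port to another library. The operator names (`policy-oid`, `min-key-bits`, `extension`), the certificate summary dict and the OID value are all assumptions made for illustration.

```python
import re

# Hypothetical policy syntax; the OID is a constructed placeholder value.
POLICY = ('(and (policy-oid "1.3.6.1.4.1.99999.1.1") (min-key-bits 2048)'
          ' (not (extension "keyUsage" "keyCertSign")))')
TOKEN = r'\(|\)|"[^"]*"|[^\s()"]+|"'  # trailing '"' catches unterminated strings
# Constructed certificate summary (not parsed from a real certificate).
CERT = {"policy_oids": ["1.3.6.1.4.1.99999.1.1"], "key_bits": 2048,
        "extensions": {"keyUsage": ["digitalSignature"]}}

def parse(text):
    """Parse one S-expression into nested lists of str and int atoms."""
    stack = [[]]
    for tok in re.findall(TOKEN, text):
        if tok == "(":
            stack.append([])
        elif tok == ")":
            if len(stack) < 2:
                raise ValueError("unexpected ')'")
            done = stack.pop()
            stack[-1].append(done)
        elif tok == '"':
            raise ValueError("unterminated string")
        elif tok.startswith('"'):
            stack[-1].append(tok[1:-1])
        else:
            stack[-1].append(int(tok) if tok.isdigit() else tok)
    if len(stack) != 1 or len(stack[0]) != 1:
        raise ValueError("policy must be exactly one balanced expression")
    return stack[0][0]

def accepts(expr, cert):
    """Evaluate a policy against a certificate summary dict."""
    if not isinstance(expr, list) or not expr:
        raise ValueError(f"malformed policy clause: {expr!r}")
    op, *args = expr
    if op in ("and", "or"):  # list, not generator: every clause is checked
        results = [accepts(a, cert) for a in args]
        return all(results) if op == "and" else any(results)
    if op == "not" and len(args) == 1:
        return not accepts(args[0], cert)
    if op == "policy-oid" and len(args) == 1:
        return args[0] in cert["policy_oids"]
    if op == "min-key-bits" and len(args) == 1 and isinstance(args[0], int):
        return cert["key_bits"] >= args[0]
    if op == "extension" and len(args) == 2:
        return args[1] in cert["extensions"].get(args[0], [])
    raise ValueError(f"unknown or malformed clause: {expr!r}")
```

A misspelled operator raises instead of quietly evaluating to true or false, so a typo in a policy file cannot silently widen what is accepted.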