Hi Stephen, all On 2012-11-01 13:25, stephen.burke@stfc.ac.uk wrote:
glue-wg-bounces@ogf.org [mailto:glue-wg-bounces@ogf.org] On Behalf Of Florido Paganelli said:
We recently stumbled upon problems while running EMI-ES integration tests across EMI middleware. The reason is there are different descriptions and therefore different interpretations of the TrustedCA attribute in Endpoint and ComputingEndpoint.
Probably the text for Endpoint was updated but not copied to ComputingEndpoint - the Endpoint text is correct. The basic point is that publishing every CA for every Endpoint would be a huge data volume, and in practice I think we have no clients that use it. Also the majority of Grid sites use a completely standard set of CAs so most of the information would be duplicated.
Does "This" still mean a DN or a string?
It means a string used as a reserved word - "IGTF" in this case.
This is very bad. How is a client/consumer supposed to know this? How can we solve this with respect to the DN_t type in the specification (which is "clearly unclear")? Recommendations in the renderings?
Sometimes these GLUE2 inconsistencies make me crazy :P
If you expect absolutely precise definitions of everything I suggest you stop working in Grids ...
Forget about it. I will *not* stop working on grid and fight to make it precise and useful, if not defined so. And that might happen even if I am not paid for it. So, coming back to the topic: Let's say there is recommendation in the renderings that tells to put a string there, overriding the GFD147 specs. Say you have a this reserved word there: IGTF. How is a third party client supposed to know the meaning of it? where to look for such strings? What kind of algorithm to deduce which are the CAs entitled? Note: The type of TrustedCA is currently not even a open enumeration. A solution might be to change the type of this attribute in the realization documents to have an open enumeration that clearly defines what are the CAs entitled. But then we face a second problem, for example in case of IGTF, the CAs allowed might change frequently and dynamically. So far the open enumerations we have are mostly static. Can it be done leveraging CRLs? Any idea? Thanks -- Florido Paganelli Lund University - Particle Physics ARC Middleware EMI Project