
Paul Millar [mailto:paul.millar@desy.de] said:
Without linking the Policy object to a UserDomain, one forces the GLUE client to understand the authorisation schema to decide whether members of the UG are allowed to access it.
It's certainly true that the client has to understand the authz scheme, but that's true regardless, it has nothing to do with the UDs, and the UDs are unlikely to offer any help to a client in interpreting authz rules.
Multiple MappingPolicy objects MAY refer to the same Share object. If so, these MappingPolicy objects SHOULD have different authorisation schemata.
I'm not sure if we can make it that strong because I have no idea what other authz schemes might look like! Basically it would be up to any grid/community devising a scheme to make sure that what it did was consistent and workable.

Stephen