glue-wg-bounces@ogf.org
[mailto:glue-wg-bounces@ogf.org] On Behalf Of Paul Millar said: Here's a potentially tricky question: who publishes the UserDomain objects?
At the schema level we don't define anything about how things are published. Even at the level of the concrete representation it isn't necessarily defined, for example the current LDAP DIT reflects the "site bdii" structure in which things are published but it wouldn't necessarily have to be like that. If the UDs are published at all I would guess that they would be most naturally published with the VOMS servers, either directly with the service or in some other way by the hosting site. However, there are other possibilities, e.g. centrally (all EGEE VOs from CERN?) or ad hoc (someone in each VO makes arrangements at a local site somewhere).
1. The SE publishing agent creates its own set of UserDomain objects; given this, it knows the UserDomain.ID
No, it can't do that!
2. The SE queries for existing UserDomain objects for ones matching its requirements, so discovering the appropriate ID
I think you would configure it statically, not try to get it dynamically. However, I suggest you don't worry about it at this stage; I'm skeptical that UDs will be published at all, and even if they are I'm not sure if you would actually bother to fill in all the Policy-UD references as there might well be no use cases that would need to navigate them. Anyway this isn't conceptually different from other potentially cross-site relations, like CE -> SE.
How does a client know which set of UserDomain objects is really the VO "ATLAS"?
It (probably) doesn't care, it just knows that rules in a particular schema have forms like "VO: atlas" or "VOMS: /atlas/*". Stephen -- Scanned by iCritical.