Hi all,

We recently stumbled upon problems while running EMI-ES integration tests across EMI middleware. The reason is there are different descriptions and therefore different interpretations of the TrustedCA attribute in Endpoint and ComputingEndpoint.

Here are the two relevant tables in GFD147:

Entity Inherits from Description
Endpoint Entity A network location having a well-defined interface and exposing specific service functionalities.
Attribute Type Mult. Unit Description
TrustedCA DN_t 0..*
The Distinguished Name of a trusted Certification Authority (CA); i.e., certificates issued by the CA are accepted by the authentication process. Alternatively this may identify a standard bundle of accepted CAs, e.g. those accredited by the IGTF. Note that this does not imply that such certificates will be authorized to use the Endpoint.


Entity Inherits from Description
ComputingEndpoint Endpoint A network Endpoint for creating, monitoring, and controlling computational Activities called jobs. It MAY also be used to expose complementary capabilities (e.g., resource reservation or proxy manipulation).
Inherited Attribute Type Mult. Unit Description
TrustedCA DN_t 0..*
Distinguished name of the trusted Certification Authority (CA), i.e., certificates issued by the CA are accepted for the authentication process


I just don't understand this sentence:
"Alternatively this may identify a standard bundle of accepted CAs, e.g. those accredited by the IGTF. Note that this does not imply that such certificates will be authorized to use the Endpoint."

Does "This" still mean a DN or a string? In GLUE2 every attribute value has a very well defined type, in this case DN_t. DN_t is a distingushed name as defined by RFC4514 (http://www.ietf.org/rfc/rfc4514.txt) but how can a DN represent a bundle of accepted CAs?

gLite middleware is using a plain string there, for example IGTF. But IGTF is NOT a DN_t.

This was also one of the things I didn't understand in Stephen's EGI GLUE2 profile. Can anybody comment on this?

Sometimes these GLUE2 inconsistencies make me crazy :P

-- Florido Paganelli
Lund University - Particle Physics
ARC Middleware
EMI Project