
An ideal design might be to support named collections of CAs where any number of services across an entire federation can reference these named collections. A detailed description of what is in a named collection would only need to exist in one place within a federation.

First, I think it's important to confirm that we indeed have NO uses for this today. Does anyone know of any?

Second, I would propose that we open up the floor to proposed solutions. Discussing a proposed solution, and even coming to a consensus, doesn't mean we have to change the current GLUE 2 specification. The community can first try to implement a consensus solution, or multiple solutions, and at some future point decide which of these we want to integrate into a future GLUE2 revision.

In short, we need to confirm we aren't breaking any known uses and implementations while we explore solutions.

JP

On Nov 1, 2012, at 2:50 PM, <stephen.burke@stfc.ac.uk> wrote:
JP Navarro [mailto:navarro@mcs.anl.gov] said:
Could these strings be a hash of a DN?
That wouldn't help much, the problem is the number of CAs more than the length of each one.
How many TrustedCAs are we thinking might need to be published for each endpoint, and how much data is that really? Do we think it would significantly impact the performance of our information systems to publish multiple collections of TrustedCA strings?
At a quick count, I get 89 CAs and about 5 KB of data, compared with about 2 KB currently in an Endpoint - and that for something for which, as far as I know, we have no uses, and which would be duplicated several thousand times over. For the BDII I think publishing that would not make any sense.
Stephen