28 Jan
2008
28 Jan
'08
2:49 p.m.
Paul Millar [mailto:paul.millar@desy.de] said:
As an idea, would identifying authz info as a URI make sense?
This would require specify a schema-name part for FQAN. For example, this could be "fqan", with "fqan:/vo.example.org/Role=An-example"
This is still under debate, we need some way of representing authz info but no-one is quite sure what the best way is. The current (1.3) solution does do pretty much what you suggest, in fact we publish something like "VOMS:/atlas/Role=Production", as well as the traditional "VO:atlas" form. One question is whether we would ever need to be able to support more than one authz scheme for the same resource/service. Stephen