On 2012-11-01 20:50, stephen.burke@stfc.ac.uk wrote:
JP Navarro [mailto:navarro@mcs.anl.gov] said:
Could these strings be a hash of a DN?
That wouldn't help much, the problem is the number of CAs more than the length of each one.
Yes, true
How many TrustedCAs are we thinking might need to be published for each endpoint, and how much data is that really? Do we think it would significantly impact the performance of our information systems to publish multiple collections of TrustedCA strings?
At a quick count, I get 89 CAs and about 5 KB of data, compared with about 2 KB currently in an Endpoint -
an ARC CE currently publishes 90-100. Each endpoint is supposed to publish its TrustedCAs, for a total of rougly 816 entries in relevant endpoints. The amount of data for a single endpoint is similar to that Stephen described
and that for something for which, as far as I know, we have no uses, and which would be duplicated several thousand times over. For the BDII I think publishing that would not make any sense.
ARC clients use this information for selection and brokering of CEs. We used to have a similar approach in NorduGrid schema. ARC infosystem is a crucial part of the infrastructure, we really rely on what is published there. Cheers, -- Florido Paganelli Lund University - Particle Physics ARC Middleware EMI Project