glue-wg-bounces@ogf.org
[mailto:glue-wg-bounces@ogf.org] On Behalf Of Flavia Donno said: Just because they are orthogonal, there is no association between paths and spaces. Therefore, I was proposing 2 classes, one to describe the spaces with their ACLs and one to describe the namespace with its ACLs, if needed, of course. The space described in which physical pool the file ends up. The namespace describes how logically the files are organized and who has access to them.
But that's going to make for a fairly complicated query, effectively you have to do a join between the authz on the space (token) and the authz on the path - which are perhaps not even expressed the same way, e.g. VO:atlas on one and VOMS:/atlas/Role=Production on the other. And you would have to code support for such queries in all clients even if in most cases they weren't needed. The question is whether we have any serious use cases for this kind of thing - and if we have, whether we can support them with something simpler than the fully generic structure. Stephen