Joni Hahkala wrote:
If this is the case then the "primary" tag would need to be separately shown inside the proxy cert.
Yes, if ordering would not be used as the deciding factor then there would be a need for a separate tag either as a proxy extension or within the VOMS extension structure, for example within (or at the end of) the list of ACs.
If this is the case, then I can see little benefit in doing it via the proxy cert, since the AC validating component will need to tag the first attribute in the first AC as the primary one in an internal implementation dependent way, regardless of whether this is based on ordering of the ACs or a tag in the proxy cert.

What Frank was suggesting was that the primary flag was incorporated into the attribute type of an AC so that no special implementation dependent way of processing was needed by the service provider.

So, I suggest the following as an improved way of working.

1. The user knows prior to job submission which attribute he wants to be his primary one for this grid job.
2. The user contacts the various VOMS servers in any order he chooses and asks for the various attributes to be put into ACs and returned to him.
3. The user signals the VOMS server that holds his primary attribute for this grid job, to flag this chosen attribute as the primary one, and to return this inside the AC marked as the primary attribute (using a method similar to the eduPerson one outlined earlier).
4. The ACs are packaged into the proxy cert in a random order, since now we have a primary flag embedded into one of the attribute types in one of the ACs, so ordering is no longer needed.
Cheers, Joni
regards
David
--
*****************************************************************
David W. Chadwick, BSc PhD
Professor of Information Systems Security
The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://sec.cs.kent.ac.uk
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5
*****************************************************************
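
The order-independent selection proposed in the message above, sketched from the service provider's side as an added example that is not part of the original thread. Assumptions: the primary flag is modelled as a distinct attribute type, the type names `primaryGroup` and `group` and the server names are hypothetical, every AC has already passed signature and validity checks, and rejecting zero or several flagged attributes is this example's policy choice rather than something the thread specifies.

```python
from dataclasses import dataclass

# Assumption: the primary flag is modelled as a distinct attribute type.
# Both type names are hypothetical, not taken from VOMS or from the thread.
PRIMARY_TYPE = "primaryGroup"
PLAIN_TYPE = "group"

@dataclass(frozen=True)
class Attribute:
    type: str
    value: str

@dataclass(frozen=True)
class AttributeCertificate:
    issuer: str        # VOMS server that issued the AC
    attributes: tuple  # tuple of Attribute

class PrimaryAttributeError(ValueError):
    """The set of ACs does not name exactly one primary attribute."""

def select_primary(acs):
    """Return (issuer, value) of the primary attribute, ignoring AC order.

    Assumes every AC has already passed signature and validity checks.
    """
    flagged = [(ac.issuer, attr.value)
               for ac in acs
               for attr in ac.attributes
               if attr.type == PRIMARY_TYPE]
    if not flagged:
        raise PrimaryAttributeError("no AC carries a primary attribute")
    if len(flagged) > 1:
        # Ambiguous: refuse rather than silently fall back to ordering.
        raise PrimaryAttributeError(f"{len(flagged)} primary attributes: {flagged}")
    return flagged[0]

# Constructed sample: three ACs from three hypothetical VOMS servers.
SAMPLE_ACS = [
    AttributeCertificate("voms.a.example", (Attribute(PLAIN_TYPE, "/vo-a/users"),)),
    AttributeCertificate("voms.b.example", (Attribute(PLAIN_TYPE, "/vo-b/users"),
                                            Attribute(PRIMARY_TYPE, "/vo-b/analysis"))),
    AttributeCertificate("voms.c.example", (Attribute(PLAIN_TYPE, "/vo-c/users"),)),
]

if __name__ == "__main__":
    print(select_primary(SAMPLE_ACS))
    print(select_primary(list(reversed(SAMPLE_ACS))))
```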