Hi Tom, sorry for the late answer, I've just got back to work. The authorization problem is still unsorted. Currently the prototype allows for specifying which subjects are allowed to query for other subjects. Given that, the protocols is in place, this when we had the demo in Boston Krzystof warn me of some flaws in my service that I haven't been able to fix yet. AFAIHU UVOS authorization should be more stable, but Krzystof can say more than me about this. I have seen that an implementation for the SAML Attribute Query for X.509 Subjects has made in as a Google Summer of Code 2008 project mentored by Globus. Keep us informed about the thing and let us know if you think that VOMS or UVOS implementations can somehow participate in the demo. Valerio On Tue, 2008-03-04 at 08:39 -0500, Tom Scavo wrote:
Valerio, can you provide an update on the implementation "in progress" below? How do you "authorize queries" in the case where the presenter is acting on behalf of the subject (or is this still an open question)?
Thanks, Tom
On Tue, Nov 27, 2007 at 4:26 AM, Valerio Venturi <valerio.venturi@cnaf.infn.it> wrote:
On Fri, 2007-11-23 at 18:54 -0500, Tom Scavo wrote:
Hi Valerio,
On 11/20/07, Valerio Venturi <valerio.venturi@cnaf.infn.it> wrote:
Profile being implemented: OGSA Attribute Exchange Profile Organisation doing the implementation: INFN Contact details: valerio.venturi@cnaf.infn.it Short description: VOMS
Are you implementing the SAML Attribute Query Deployment Profile for X.509 Subjects or SAML Attribute Self-Query Deployment Profile for X.509 Subjects (or both)?
The Self-Query is already in place, and the other one is work in progress (mainly how to authorize queries is under discussion). Related to this, I think we should add conformance targets to the profile, in the style of the OGSA Profile Defintion and WS-I Basic Profile. Do you think it would be useful?
Valerio