Alan I dont think your use case disagrees with what I am suggesting, which is on every v-p-i the user says which attribute is to be primary one (or not) regards David Alan Sill wrote:
On Oct 31, 2006, at 3:59 PM, David Chadwick wrote:
Why cant it? I thought the ACs were created on demand for the user and were different for different grid jobs. In which case, when the VOMS server creates the AC for the particular job, it puts the two attributes (primary and all) inside the one AC.
They're different for every voms-proxy-init, which is basically a grid-proxy-init step that contacts a VOMS server. Thus they will be different for every issuance of v-p-i but may be the same across jobs.
A typical use case might be that the user wants to submit to a given VO's resources, does a v-p-i with argument -voms (VO VOMS server) including possibly the assertion of group membership or role, does the submissions, which could be a large number. May use that VOMS proxy for an extended period of time for multiple operations. Up[on wanting to switch to a different VO or a different group or role within the VO, does a new voms-proxy-init and gets a new proxy. repeat as necessary.
VOMS proxy certs can be extended, destroyed, etc. just as grid proxies.
Alan Sill, Ph.D TIGRE Senior Scientist High Performance Computing Center TTU
==================================================================== : Alan Sill, Texas Tech University Office: Admin 233, MS 4-1167 : : e-mail: Alan.Sill@ttu.edu ph. 806-742-4350 fax 806-742-4358 : ====================================================================
-- ***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security The Computing Laboratory, University of Kent, Canterbury, CT2 7NF Skype Name: davidwchadwick Tel: +44 1227 82 3221 Fax +44 1227 762 811 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@kent.ac.uk Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html Research Web site: http://sec.cs.kent.ac.uk Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5 *****************************************************************