
Etienne URBAH wrote:
Duane,
Thank you for your comments. Please find the original text and my answers inline.
Beyond that :
7.9) Semantics and syntax of VOMS extensions and Restriction attributes
-----------------------------------------------------------------------
I would like to describe (for example in new section 7.9) the semantics and syntax of a RESTRICTED list of VOMS extensions and Restriction attributes that all grid clients MAY use and that all grid services MUST understand.
Does anybody have links to such lists ?
- For VOMS extension, the example below gives : VO, subject, issuer, attribute, timeleft, uri

Just for clarity: attribute is indeed a list of attributes. There may be more than one.
Also, information from more than one VO may be present.

- For other attributes, here is something springing out from my imagination, with semantics and syntax (please criticize) :
  - Assertion of identity : ID:<FQAN>
  - Assertion of belonging to a group : GROUP:<FQAN>
  - Authorization to access a resource : ALLOW:<URI>
  - Interdiction to access a resource : DENY:<URI>
  - Authorization to read a file (or a folder, recursively) : ALLOW_R:<URI>
  - Authorization to write into a file (or a folder, recursively) : ALLOW_W:<URI>
  - Authorization to read and write into a file (or a folder, recursively) : ALLOW_RW:<URI>
Note that GLUE 2.0 recommends that the URI should be a URN.

I agree that we have to describe the full list of VOMS extensions with their meaning and syntax (or provide a link to the relevant VOMS specification).

How about this? https://forge.gridforum.org/sf/go/doc13797 (also referenced in the strawman doc)

If it is unclear, I'd love to receive comments.

Ciao,
Vincenzo