Steven: Surely its better to focus our energies on defining a profile around the new style proxies that groups intend to support going forward?
This seems most prudent.  We don't need to bend the PGI profile(s) such that every existing endpoint can be labeled "compliant".  Compliant service endpoints can be rolled out incrementally as subject to implementation/budget/etc. constraints.
Morris: What is the chance that this VOMS 2.0 get a huge deployment in EGEE then?!
It doesn't need a huge deployment.  Even a single deployment at the grid boundary will work to our ends.
 
-Duane
 


 
2009/4/8 Morris Riedel <m.riedel@fz-juelich.de>
Hi,

 very valuable information - probably another reason for sticking to GSI
unfortunately in the production space...

>- VOMS 2.0 is due to be out during autumn this year.

What is the chance that this VOMS 2.0 get a huge deployment in EGEE then?!

Thanks,
Morris

------------------------------------------------------------
Morris Riedel
SW - Engineer
Distributed Systems and Grid Computing Division
Jülich Supercomputing Centre (JSC)
Forschungszentrum Juelich
Wilhelm-Johnen-Str. 1
D - 52425 Juelich
Germany

Email: m.riedel@fz-juelich.de
Info: http://www.fz-juelich.de/jsc/JSCPeople/riedel
Phone: +49 2461 61 - 3651
Fax: +49 2461 61 - 6656

Skype: MorrisRiedel

"We work to better ourselves, and the rest of humanity"

Sitz der Gesellschaft: Jülich
Eingetragen im Handelsregister des Amtsgerichts Düren Nr. HR B 3498
Vorsitzende des Aufsichtsrats: MinDirig'in Bärbel Brumme-Bothe
Vorstand: Prof. Dr. Achim Bachem (Vorsitzender),
Dr. Ulrich Krafft (stellv. Vorsitzender)


>------Original Message-----
>-From: pgi-wg-bounces@ogf.org [mailto:pgi-wg-bounces@ogf.org] On Behalf Of
>-Vincenzo Ciaschini
>-Sent: Wednesday, April 08, 2009 12:07 PM
>-To: Etienne URBAH
>-Cc: aleksandr.konstantinov@fys.uio.no; edges-na3@mail.edges-grid.eu;
>-lodygens@lal.in2p3.fr; pgi-wg@ogf.org
>-Subject: Re: [Pgi-wg] OGF PGI - Security Model - NEW versions of GSI
acceptRFC-
>-3820-compliant X509 proxies
>-
>-Hi Etienne,
>-Etienne URBAH wrote:
>-> Still to be verified is that VOMS servers only accept GSI-style X509
>-> proxies http://forge.gridforum.org/sf/go/doc15591?nav=1
>-VOMS accepts and generates both type of proxies.  However, there is a
>-caveat, which explains the failures you get:
>-
>-Pre VOMS 2.0:
>-Server-side, VOMS uses GSI for validation.  This means that if you run
>-voms against gt2, contacting it with a gt4 proxy will fail.
>-
>-There is a final argument in the vomses file which specifies which
>-version of GT the service uses, and adapts the proxies used to contact
>-it accordingly.  Many VOs distribute an incorrect vomses file.
>-
>-The final proxy obtained as output by voms-proxy-init will always be
>-what you requested, in this case a rfc proxy.
>-
>-VOMS 2.0 onwards:
>-Globus dependencies on the server will be dropped too (They are
>-corrently removed from both the clients and the APIs).  This will mean
>-that any kind of proxy, or even a bare certificate, will become
>-acceptable for contacting the service.  The whole vomses config business
>-above will no longer be relevant.
>-
>-VOMS 2.0 is due to be out during autumn this year.
>-
>-Ciao,
>-    Vincenzo
>-_______________________________________________
>-Pgi-wg mailing list
>-Pgi-wg@ogf.org
>-http://www.ogf.org/mailman/listinfo/pgi-wg

_______________________________________________
Pgi-wg mailing list
Pgi-wg@ogf.org
http://www.ogf.org/mailman/listinfo/pgi-wg