On Tue, Mar 31, 2009 at 12:47 PM, Tom Scavo <trscavo@gmail.com> wrote:

Now VOMS offers a SAML interface. Assuming the protocol remains the
same (i.e., a self-query to the VOMS server), then that leads quite
naturally to SAML tokens bound to proxy certificates. That's the path
of least resistance for grids already invested in VOMS.

Your PGI peers seem to disagree with you. They are of the opinion that Proxy+VomsACs is the path of least resistance (and not Proxy+VomsSAML).

The SAML considerations for the PGI profile(s) were primarily considered for PGI-profiling simply b/c they are a bridge-of-least-resistance to support Unicore.

Duane, is your spec open for public comments?

It was just a "strawman" doc: input material that was put together to foster discussion of actual technical details for interop. So technically it's not open for public comments in the strict OGF document-process sense (and never will be in that form), but, in the general case, it was written explicitly to foster discussion.

Cheers,

Duane