
Vincenzo,

Concerning the full list of VOMS extensions with their meaning and syntax :
Thank you very much for the link to the 'VOMS Attribute Certificate Format' document. I have added it inside 'PGI / Input Documents / Security Material'.

For the sake of interoperability, I suggest that you reverse the statement written in chapter 4.2 'KeyUsage extension'. I propose :

For interoperability of authentication through X509 certificates and X509 proxies, this extension MAY be absent.

Best regards.

----------------------------------
Etienne URBAH
IN2P3 - LAL
Bat 200
91898 ORSAY
France
Tel: +33 1 64 46 84 87
Mob: +33 6 22 30 53 27
Skype: etienne.urbah
mailto:urbah@lal.in2p3.fr
----------------------------------

On Wed, 25 Mar 2009, Vincenzo Ciaschini wrote:
Etienne URBAH wrote:
Duane,
Thank you for your comments. Please find the original text and my answers inline.
Beyond that :
7.9) Semantics and syntax of VOMS extensions and Restriction attributes
-----------------------------------------------------------------------
I would like to describe (for example in new section 7.9) the semantics and syntax of a RESTRICTED list of VOMS extensions and Restriction attributes that all grid clients MAY use and that all grid services MUST understand.
Does anybody have links to such lists ?
- For VOMS extension, the example below gives : VO, subject, issuer, attribute, timeleft, uri

Just for clarity: attribute is indeed a list of attributes. There may be more than one.
Also, information from more than one VO may be present.
I agree that we have to describe the full list of VOMS extensions with their meaning and syntax (or provide a link to the relevant VOMS specification).
How about this? https://forge.gridforum.org/sf/go/doc13797 (also referenced in the strawman doc)
If it is unclear, I'd love to receive comments.
Ciao, Vincenzo