On Friday 27 March 2009 12:24, you wrote:

Aleksandr,

could you give me one example for this:

...

- I do support idea of attribute based authorization. But can't understand why other information authenticating the client should be disallowed from making authorization decision.

I seek to understand what you mean.

Most brutal example would be DN of X.509 certificate. More sophisticated could be distrust of specific computing resource for specific VOMS service. A.K.