Steve Fisher a écrit :
Hi,
Hi Steve,
After discussing this we do not have a perfect solution. It has been pointed out that it is difficult to represent the authz information in a grid independent manner. However I would like to get the spec out. If after implementation and practical experience it proves to be be not suitable we will just have to come out with a new version.
So I propose to make the authz filter more like the other filters except that the attribute names will not be defined in the specification.
... and except the authz filter can be omitted. Do you keep the possibility to automatically create a default authz filter with the attributes of provided SAGA contexts, when the authz filter is omitted ?
I would suggest that we recommend some names such as 'VO', 'Group' and 'Role' while admitting that different implementations may choose different interpretations of these attributes. I would also remove the 'VO' as an attribute of a service. For example an explicit, but simple, authz filter might be:
VO='atlas' AND Role ='Production'
For EGEE/gLite it seems that the authz rules might be rather complex expressed this way so we may provide a function to convert gLite authz rules to this format. However this is gLite specific and will NOT be part of the spec.
If I hear no objections I will recirculate my list of changes to make to the current version of the spec - and then start work ...
It's OK for me. Sylvain
Steve -- saga-rg mailing list saga-rg@ogf.org http://www.ogf.org/mailman/listinfo/saga-rg