
30) ACLs! - Later, after we get input from the security area and GFS - we actually got that input for files/name spaces, so that should be done! - OPEN, URGENT, MAJOR

We have, up to now, no security for files and logical files in the API. Discussions at last GGF(s) showed that both security area and other groups like GFS and PE are unsure about the model to choose, but _all_ of them proposed to go for ACLs until there is something better available. So the proposal is to do that.

- Are there arguments against that?
- Is someone willing to draft ACL for the API?

Deadline for this poll is in one week. If nobody objects, we will go for ACLs. Not sure who will work on it though.

Cheers, Andre
--
"So much time, so little to do..." -- Garfield

Quoting [Andre Merzky] (Apr 20 2006):
30) ACLs! - Later, after we get input from the security area and GFS - we actually got that input for files/name spaces, so that should be done! - OPEN, URGENT, MAJOR
We have, up to now, no security for files and logical files in the API. Discussions at last GGF(s) showed that both security area and other groups like GFS and PE are unsure about the model to choose, but _all_ of them proposed to go for ACLs until there is something better available. So the proposal is to do that.
- Are there arguments against that?
None seen. Earlier arguments have been that there are too many different ACL 'standards' around. Well, we have to adjust the spec if a different one emerges/dominates in GGF.
- Is someone willing to draft ACL for the API?
Deadline for this poll is in one week. If nobody objects, we will go for ACLs. Not sure who will work on it though.
Nobody objected. So I added simple ACLs in the name space package. Code examples would be:

------------------------------------------------------------
  std::string dn_user  = "O=dutchgrid, O=users, O=vu, OU=cs, CN=Andre Merzky";
  std::string dn_group = "O=dutchgrid, O=users, O=vu, OU=cs, CN=*";

  // open file (default: Read only)
  saga::file f (url);

  // set ACL restrictions for file.  The ACL set is
  // performed with the permissions of the session context
  f.set_acl (dn_user,  saga::ACL_Read | saga::ACL_Write);
  f.set_acl (dn_group, saga::ACL_Read);

  // check if acl allow write with our current session
  // contexts
  if ( f.get_acl () & saga::ACL_Write )
  {
    saga::file f_2 (url, saga::ReadWrite);
    f_2.write ("data");
  }
------------------------------------------------------------

I don't have much experience with ACLs - so it would be appreciated if someone more knowledgeable could give feedback if the above makes sense..
Cheers, Andre -- "So much time, so little to do..." -- Garfield
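
The proposal above leaves the evaluation rules open, so here is one possible reading as an added example. It is not part of the original message and not SAGA code. The names `Acl`, `dn_matches`, `effective` and `may_open` are hypothetical, and the semantics are assumptions: only a trailing `*` is a wildcard, matching entries are unioned, and a DN with no matching entry gets no access.

```cpp
// Added illustration, not SAGA code; all names and semantics here are assumptions.
#include <string>
#include <utility>
#include <vector>

enum Perm : unsigned { ACL_None = 0, ACL_Read = 1, ACL_Write = 2 };

// Match a subject DN against an ACL pattern. Only a trailing '*' (as in "CN=*")
// acts as a wildcard; every other pattern must match the DN exactly.
bool dn_matches(const std::string& pattern, const std::string& dn) {
    if (!pattern.empty() && pattern.back() == '*') {
        const std::string prefix = pattern.substr(0, pattern.size() - 1);
        return dn.compare(0, prefix.size(), prefix) == 0;
    }
    return pattern == dn;
}

class Acl {
    std::vector<std::pair<std::string, unsigned>> entries_;
public:
    // Setting an existing pattern replaces its permissions instead of widening them.
    void set_acl(const std::string& pattern, unsigned perms) {
        for (auto& e : entries_)
            if (e.first == pattern) { e.second = perms; return; }
        entries_.emplace_back(pattern, perms);
    }
    // Effective permissions: union of all matching entries, default deny.
    unsigned effective(const std::string& dn) const {
        unsigned p = ACL_None;
        for (const auto& e : entries_)
            if (dn_matches(e.first, dn)) p |= e.second;
        return p;
    }
    // The decision an open call would make: every requested bit must be granted.
    bool may_open(const std::string& dn, unsigned wanted) const {
        return (effective(dn) & wanted) == wanted;
    }
};

// Constructed sample ACL mirroring the two set_acl calls in the message.
Acl sample_acl() {
    Acl a;
    a.set_acl("O=dutchgrid, O=users, O=vu, OU=cs, CN=Andre Merzky", ACL_Read | ACL_Write);
    a.set_acl("O=dutchgrid, O=users, O=vu, OU=cs, CN=*", ACL_Read);
    return a;
}
```

Under these assumptions the named user ends up with read and write, any other DN under `OU=cs` with read only, and a DN from another organisation with nothing.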