Fermilab Computing Division

CS Document 2482-v1

Authorization Interoperability Meeting on Oct 30, 2007 - Minutes

Document #:
CS-doc-2482-v1
Document type:
Documentation
Submitted by:
Gabriele Garzoglio
Updated by:
Gabriele Garzoglio
Document Created:
01 Nov 2007, 14:10
Contents Revised:
01 Nov 2007, 14:10
Metadata Revised:
01 Nov 2007, 14:16
Viewable by:
  • Public document

Abstract:
- Testing the Globus XACML library in the gJAF framework
Yuri and Hakon have run tests. We discussed the need to have multiple subjects
AND multiple attributes in subject, resource, and action. Also, it is
desirable that the GT library support the metadata defined in OpenSAML and XACML
as much as possible. Rachana will check how the GT lib behaves when it encounters
multiple subjects. For now the behavior will not be changed, since there are
no concrete use cases for multiple <subjects> and people can create contexts
with multiple subjects by accessing the low-level XACML APIs.
Rachana will add an API to the GT utility lib to add multiple attributes.

Yuri and Hakon will work with CNAF to test the lib with GPBox. They are waiting
for a fix to the GT lib concerning attribute types before they can proceed. Rachana
will try to provide the fix on Friday. At the end of the tests, Yuri and CNAF will
provide real examples of XACML policies and of obligations for our use cases.

- Schema of the user attributes
These are the attributes sent from the PEP to the PDP. We will put them in the subject.
We agreed to have the attribute "primary_fqan" for the primary FQAN AND the
attribute "fqan" for all secondary FQANs. Eventually, we may deprecate
"primary_fqan" and use "fqan" for all the attributes.

Associated with Events:
Authorization Interoperability held on 30 Oct 2007