Fermilab Computing Division

CS Document 2381-v1

AuthZInterop Feedback to Globus - Aug17-2007 - Minutes

Document #:
Document type:
Submitted by:
Gabriele Garzoglio
Updated by:
Gabriele Garzoglio
Document Created:
17 Aug 2007, 13:56
Contents Revised:
17 Aug 2007, 13:56
Metadata Revised:
17 Aug 2007, 13:56
Viewable by:
  • Public document
Modifiable by:

Quick Links:
Latest Version

- Feedback to Globus on the alpha version of the library
-- SAML schema needed changes from the standard to allow compilation. Rachana will write the changes in a document and make it available in a few weeks.
-- No easy way for the client to check what obligations (returned by a PDP) have been handled and what not. The framework should raise an exception if a PDP returnsnon-registered obligations. Is this working?

- Discussing XACML Profile and Interoperability
-- For every obligation in the OSG and EGEE use cases, we need to standardize the name (obligation id), the obligation attributes and their types; what about a version? In the next few weeks we need to refine our current tentative list (see below).
-- We will support authorization interoperability of common middleware (gLExec, dCache, ...) by registering multiple obligation handlers at the PEP, e.g. gLExec will know obligation "Username" for GUMS and "UID+GID" for LCMAPS.

- Near future topics for discussion include Profile for interoperability, more feedback to the alpha version, input for the beta version. We will all meet the 2nd week of Sep after CHEP.

Associated with Events:
Authorization Interoperability held on 17 Aug 2007
DocDB Home ]  [ Search ] [ Authors ] [ Events ] [ Topics ]

DocDB Version 8.8.9, contact Document Database Administrators