Hello Tom,
On 1 Nov 2007, at 13:15, Tom Scavo wrote:
On 10/31/07, Florian Scharinger <[EMAIL PROTECTED]> wrote:
Installing myproxy first won't work for me unfortunately, because I
want to build myproxy with VOMS-support.
Florian, can you briefly describe your end goal? Do you intend to
integrate MyProxy and VOMS in some way? Can you give a representative
use case?
We want to test if we can use MyProxy server with VOMS support to
store VOMS proxy certificates which can be renewed by clients on a
certificate basis. I'm aware that the recommended practise is to
store standard certificates in MyProxy and only generate VOMS proxies
after having received a standard proxy from MyProxy, but we want to
keep the first option open.
The (generalised) use case would be that service A on machine A wants
to start another service B at machine B. In order to verify that the
service A is allowed to do that, we want to use VOMS role attributes
to specify which 'user' can start which services. So far no proxy
renewal (and hence MyProxy) would be necessary. However, when service
B has finished, machine B would go and pass the original service
request to the next machine (C) to run a service there. Since this
can take longer than the proxy's lifetime, the proxy might has to be
renewed via MyProxy. Having already the VOMS certificate in MyProxy
would simplify the client-side handling, in my opinion.
If you have any further questions or comments I'm more than happy to
discuss them offline (since I guess it's off topic for this mailing
list).
Cheers,
Florian.
Thanks much,
Tom
/ - - - - - - - - - - - - - - - - - - - - - - \
Florian Scharinger
EPCC
University of Edinburgh
EGEE-II SA1 NPM Developer
