Hi.
To query a MDS, for example with
wsrf-query -x -s https://myhost.mydomain.tld:8443/wsrf/services/DefaultIndexService
,
I have to do this with an user who has a valid proxy certificate.
So far I have worked with MDS.
I have some (theoretical) questions about MDS and authorization.
Can I exactly specify which users may or may not access resource
information at a MDS?
Ok, but furthermore, is there a way to restrict access to resource
information, so that one user can only see some parts while another
can see all?
I am thinking about something like LDAP's possibility to restrict
access to attributes depending on user authorization.
I came to this question when thinking about usage of resource
information with maybe different "security levels". Of course there
could be a scenario where it would be very beneficial to have some
resource information for e.g. a scheduler, but one doesn't want to
announce (all) those information to all users having access to the MDS
this theoretical scheduler uses to get resource information.
Maybe, someone of you may tell me his or her ideas about this.
It is nothing like a feature request, only some theoretical questions/
thoughts.
Regards,
Benjamin
