On Tue, Sep 16, 2008 at 3:56 AM, arpit jain <[EMAIL PROTECTED]> wrote: > > > On Mon, Sep 15, 2008 at 8:15 PM, Tom Scavo <[EMAIL PROTECTED]> wrote: >> >> On Mon, Sep 15, 2008 at 10:17 AM, arpit jain <[EMAIL PROTECTED]> >> wrote: >> > >> > <method name="createManagedJob"> >> > <auth-method> >> > <none/> >> > </auth-method> >> > </method> >> > <auth-method> >> > <GSISecureConversation/> >> > </auth-method> >> >> I'll bet <none/> and <GSISecureConversation/> are mutually exclusive. >> Try rewriting this with only one <auth-method> element. > > As you are saying that providing 2 auth-methods doesn't works, please see > the below link in which it is mentioned that we can have auth-methods for > individual operations: > http://www.globus.org/toolkit/docs/4.0/security/authzframe/security_descriptor.html#id2537778
Yes, that's the right doc page (please read it carefully). It says that <none/> can not be used with other auth-methods. Also look at the examples...I don't see any example with two <auth-method> elements back-to-back. If you want to specify two auth-methods, you should do so in a single <auth-method> element. In any event, you can't use <none/> and <GSISecureConversation/> together. > See Section 3.3 and Example > > Thats why I have put different authentication methods for diferent > operations. You can have different auth-methods for different resources, but I'm not seeing that in your example. You have two <auth-method> elements back-to-back, which is not allowed. Check the schema: http://www.globus.org/toolkit/docs/4.0/security/authzframe/service_security_descriptor.xsd The number of <auth-method> elements is not unbounded. Tom
