Some questions about the Java WS A&A Security Descriptor Framework documented here:
http://www.globus.org/toolkit/docs/4.2/4.2.1/security/wsaajava/descriptor/ 4. Administrator Authorization Chain "The decision returned by this chain overrides subsequent authorization decisions. That is, if the administrator's authorization chain returns a deny, the rest of the configured authorization (at container/service/resource) is not evaluated and the operation is denied. If the administrator's chain returns the permit, the rest of the configuration is evaluated to see if the operation is allowed." The above combining algorithm doesn't sound like any combining algorithm I know. If the Administrator Authorization Chain "overrides subsequent authorization decisions," why doesn't permit override the rest of the configured authorization (at container/service/resource)? Does the <adminAuthz> element take a combiningAlg attribute? 5. Authorization What are possible values of the combiningAlg attribute? Are other elements besides <param:nameValueParam> supported out of the box? For example, are multi-valued parameters supported? Thanks, Tom
