Thanks, Rachana. Also, may I ask, how is a bootstrap PIP different than an ordinary PIP in an authz chain?
Tom

PS. I've read org.globus.wsrf.impl.security.authorization.X509BootstrapPIP but I can't find org.globus.security.authorization.BootstrapPIP.

On Sun, Nov 9, 2008 at 8:24 PM, Rachana Ananthakrishnan <[EMAIL PROTECTED]> wrote:
> Thanks - updated documentation. Comma-separated values are required.
>
> Rachana
>
>> -----Original Message-----
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED] On Behalf Of Tom Scavo
>> Sent: Friday, November 07, 2008 3:45 PM
>> To: GT User
>> Subject: Re: [gt-user] questions re security descriptors
>>
>> 11. Trusted Certificates
>>
>> The text says the values are comma-separated but the example shows
>> space-separated values.
>>
>> On Fri, Nov 7, 2008 at 4:35 PM, Tom Scavo <[EMAIL PROTECTED]> wrote:
>> > Some questions about the Java WS A&A Security Descriptor Framework
>> > documented here:
>> >
>> > http://www.globus.org/toolkit/docs/4.2/4.2.1/security/wsaajava/descriptor/
>> >
>> > 4. Administrator Authorization Chain
>> >
>> > "The decision returned by this chain overrides subsequent
>> > authorization decisions. That is, if the administrator's authorization
>> > chain returns a deny, the rest of the configured authorization (at
>> > container/service/resource) is not evaluated and the operation is
>> > denied. If the administrator's chain returns the permit, the rest of
>> > the configuration is evaluated to see if the operation is allowed."
>> >
>> > The above combining algorithm doesn't sound like any combining
>> > algorithm I know. If the Administrator Authorization Chain "overrides
>> > subsequent authorization decisions," why doesn't permit override the
>> > rest of the configured authorization (at container/service/resource)?
>> >
>> > Does the <adminAuthz> element take a combiningAlg attribute?
>> >
>> > 5. Authorization
>> >
>> > What are possible values of the combiningAlg attribute?
>> >
>> > Are other elements besides <param:nameValueParam> supported out of the
>> > box? For example, are multi-valued parameters supported?
>> >
>> > Thanks,
>> > Tom
