On Mon, Nov 10, 2008 at 11:26 AM, Rachana Ananthakrishnan <[EMAIL PROTECTED]> wrote: > Updated doc: > http://www.globus.org/toolkit/docs/latest-stable/security/wsaajava/developer > /#id2483308. The document describing framework explains it some more. It is > mostly relevant where the combining algorithm does not use all the PIPs in > the order specified, but needs a subset to set up request context.
Thanks, that helps. > This org.globus.security.authorization.BootstrapPIP exists in authorization > module. Found it, thanks. In section 2.1.1 of the above document, it doesn't say what to do if the admin authz chain returns INDETERMINATE (which it can, because first-applicable is used)? Likewise, if the resource, service, or container authz chains are configured with the first-applicable combining algorithm, what happens if the corresponding authz chain returns INDETERMINATE? Also, sections 2.1.1 and 2.1.2 don't agree. AFAICT, items 2b and 3b in section 2.1.2 don't agree with the text in section 2.1.1. Tom
