Hi,

is there a way to combine different user mappings from different
interceptors and let users choose which mapping to use? I think one
cannot do this with the current combining algorithms, can one?

When I tried combining VOMS interceptor with gridmap authz I realized
that the current algorithms do not work as I expected them to work.

Am I right?
 * PermitOverride uses _first_ permit decision and its mapping
 * DenyOverride denies based on _first_ deny decision
 * both do not evaluate following decisions
 * FirstApplicable returns first deny or permit decision

What about the following scenario:
 One wants to check VOMS credentials and DN-based user mapping. The user
shall be capable of choosing the mapping (localUserId for GRAM) if there
is more than one, regardless of whether the user got mappings only from
the grid-mapfile, only from the VOMS interceptor, or from both.

This scenario is not possible to realize, is it?
DenyOverride and FirstApplicable are not applicable.
Using PermitOverride, if the user has both credentials (DN is in
grid-mapfile and he has valid VOMS credentials), the mapping of
the first PDP is always used. The user can only influence the decision by
changing his proxy (include and exclude VOMS credentials).

I would be pleased about any comments or suggestions.

Regards,
Benjamin
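
The scenario in the message above, as an added toy model (not code from the original post or from the Globus authorization framework). The `Decision` type, both PDP functions, the `requested_user` field and the sample DN/FQAN values are hypothetical; `permit_override_first` follows the behaviour as the message describes it, and `permit_union_with_choice` is one possible combiner that evaluates every PDP and denies a requested account that no PDP granted.

```python
# Toy model only: names and data are hypothetical, not the Globus authz API.
# It contrasts "first permit wins" with a combiner that collects all mappings.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Decision:
    source: str                        # which PDP produced the decision
    permit: bool
    local_user: Optional[str] = None   # mapping carried by a permit

def gridmap_pdp(request):
    gridmap = {"/O=Grid/CN=Alice": "alice"}           # constructed grid-mapfile
    user = gridmap.get(request["dn"])
    return Decision("gridmap", user is not None, user)

def voms_pdp(request):
    voms_map = {"/atlas/Role=production": "atlasprd"}  # constructed FQAN mapping
    for fqan in request.get("fqans", []):
        if fqan in voms_map:
            return Decision("voms", True, voms_map[fqan])
    return Decision("voms", False)

def permit_override_first(pdps, request):
    # As described in the message: first permit wins, later PDPs are skipped.
    for pdp in pdps:
        d = pdp(request)
        if d.permit:
            return d
    return Decision("combined", False)

def permit_union_with_choice(pdps, request):
    # Evaluate every PDP and keep the mapping of each permit.
    decisions = [pdp(request) for pdp in pdps]
    candidates = [d.local_user for d in decisions if d.permit]
    if not candidates:
        return Decision("combined", False)
    wanted = request.get("requested_user")
    if wanted is None:
        return Decision("combined", True, candidates[0])  # default: first mapping
    # Deny instead of falling back when the requested account was never granted.
    if wanted in candidates:
        return Decision("combined", True, wanted)
    return Decision("combined", False)

# Constructed request: DN is in the grid-mapfile and the proxy carries a VOMS FQAN.
REQUEST = {"dn": "/O=Grid/CN=Alice", "fqans": ["/atlas/Role=production"],
           "requested_user": "atlasprd"}
```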
