On Tue, Dec 9, 2008 at 11:43 AM, Rachana Ananthakrishnan <[EMAIL PROTECTED]> wrote: > > One way I can see this being used is if you configure things as follows: > > - Gridmap PIP (not a PDP), which just obtains a mapping if present and adds > it to peer subject > - VOMS PIP, which extracts mapping if present and adds it to peer subject > - Custom PDP, which looks for atleast one mapping in peer subject and > returns a permit or deny
This is essentially what the new GridShibPDP does, but how does the account mapper choose from potentially multiple mappings? First-come, first-served is all I can think of. Tom
