Wiki
Version 1 (David Groep, 10/09/2012 12:03 PM) → Version 2/3 (David Groep, 10/09/2012 12:04 PM)
h1. Mission
There are currently multiple implementations validating VOMS credentials, and all of these have had to make uncoordinated choices in how to interpret bags of attributes. For security and integrity reasons alone it is needed that the interpretation of attributes is consistent. The scope is deliberately limited to writing two specific documents in a narrow subject space, for which insufficient guidance exists but where active work is ongoing.
h1. Documents
h3. Published GFDs
_none yet_ ''none yet''
h3. Documents currently under consideration by the CAOPS-WG
* VOMS Attribute Certificate Parsing Rules for Chained Identity Credentials (http://redmine.ogf.org/dmsf_files/159) (editors: David Groep, Mike Jones)
> * determining the effective attribute set for collated VOMS attributes as presented in a hierarchical chain of identity credentials
> * order in which attributes are to be interpreted
> * how to determine the set of valid attributes in case one out of a bag of VOMS ACs at the same level has expired
* Understanding parsing rules for collated VOMS SAML space (_not (''not available yet_) yet'')
There are currently multiple implementations validating VOMS credentials, and all of these have had to make uncoordinated choices in how to interpret bags of attributes. For security and integrity reasons alone it is needed that the interpretation of attributes is consistent. The scope is deliberately limited to writing two specific documents in a narrow subject space, for which insufficient guidance exists but where active work is ongoing.
h1. Documents
h3. Published GFDs
_none yet_ ''none yet''
h3. Documents currently under consideration by the CAOPS-WG
* VOMS Attribute Certificate Parsing Rules for Chained Identity Credentials (http://redmine.ogf.org/dmsf_files/159) (editors: David Groep, Mike Jones)
> * determining the effective attribute set for collated VOMS attributes as presented in a hierarchical chain of identity credentials
> * order in which attributes are to be interpreted
> * how to determine the set of valid attributes in case one out of a bag of VOMS ACs at the same level has expired
* Understanding parsing rules for collated VOMS SAML space (_not (''not available yet_) yet'')