MSO and multiple communities
Dave Morris
dave at ast.cam.ac.uk
Tue Jul 6 08:03:05 PDT 2004
Guy Rixon wrote:
>On Tue, 6 Jul 2004, Tony Linde wrote:
>
>
>
>>>If we say that a user can be in a group in a community but
>>>not actually in that community, then isn't a bit hard?
>>>
>>>
>>Why? The list of members in the group includes that user's account id. No?
>>
>>
>
>Suppose my identity is in community C1 and my group is in C2. My target
>service trusts C2 but not C1.
>
If the service S does not trust your originating community C1, then you
can't access the service.
End of story.
I'm not sure I see the problem though.
It puts the responsibility on Community administrators to make their
Communities trustworthy.
Don't register with an insecure Community.
Dave
More information about the grid
mailing list