MSO and multiple communities
Tony Linde
ael at star.le.ac.uk
Tue Jul 6 08:07:22 PDT 2004
> I'm not sure I see the problem though.
> It puts the responsibility on Community administrators to
> make their Communities trustworthy.
>
> Don't register with an insecure Community.
Agreed.
T.
> -----Original Message-----
> From: Dave Morris [mailto:dave at ast.cam.ac.uk]
> Sent: 06 July 2004 16:03
> To: Guy Rixon
> Cc: Tony Linde; grid at ivoa.net
> Subject: Re: MSO and multiple communities
>
> Guy Rixon wrote:
>
> >On Tue, 6 Jul 2004, Tony Linde wrote:
> >
> >
> >
> >>>If we say that a user can be in a group in a community but not
> >>>actually in that community, then isn't a bit hard?
> >>>
> >>>
> >>Why? The list of members in the group includes that user's
> account id. No?
> >>
> >>
> >
> >Suppose my identity is in community C1 and my group is in C2. My
> >target service trusts C2 but not C1.
> >
> If the service S does not trust your originating community
> C1, then you can't access the service.
> End of story.
>
> I'm not sure I see the problem though.
> It puts the responsibility on Community administrators to
> make their Communities trustworthy.
>
> Don't register with an insecure Community.
>
> Dave
>
More information about the grid
mailing list