This is a page for comments on the VODefinition work. Please log in and add your own, or email MarkNorman. Thanks!


Andrew Martin (Oxford) via email

David Wallom (Oxford) verbal

A VO should just be a list. Where you have role attributes combining with general membership these form (sub) VOs themselves, but it isn't helpful to think of hierarchies of VOS. Therefore, they are new VOs.

2006-03-08 15:12:43].

MN follow-up

This would work, but only if we assume that the VO is in full control of the authorisation process for a particular service. Whereas a VO may often (or even usually) be in control, I don't think that we can assume this will always be the case.

I think that it's better to think of the service (or resource/site) being responsible for authorisation and the VO providing information for the decision to be made. (Even when the VO is in the driving seat, it's best to approach it this way, as it covers all cases, not just a sub-set). Maybe... :-)

-- MarkNorman 2006-03-08 15:12:43

See Nate Klingenstein's wiki thoughts on VOs

At https://authdev.it.ohio-state.edu/twiki/bin/view/Main/VirtualOrganizations

A small excerpt:

Nate sent this to the GGF shibgrid-bof mailing list on 8 March 06.

Back to the VODefinition page.

ESPGRIDwiki: VODefinitionComments (last edited 2013-05-17 16:26:46 by localhost)