[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ggf-ogsa-sec-wg] VO consideration

To: "Philippe Janson" <pj@zurich.ibm.com>
Subject: Re: [ggf-ogsa-sec-wg] VO consideration
From: "Takashi Kojo" <kojo@isd.nec.co.jp>
Date: Tue, 29 Oct 2002 17:12:00 +0900
Cc: <ogsa-sec-wg@gridforum.org>
References: <OF0200BA5D.3995890A-ONC1256C5D.0034CED8-C1256C5D.0042857E@ch.ibm.com>
Reply-To: "Takashi Kojo" <kojo@bk.jp.nec.com>
Sender: owner-ogsa-sec-wg@gridforum.org

Phil,

>> - What would be real organization(RO) policy/trust and VO policy/trust?
> Quite similar in abstract syntax and semantics but bearing on different
objects with
> different scope in practice.
> Just as a security officer in some RO could set policies like users in
(previously defined)
>  group G or with (previously defined) attribute A have access to resources
in (previously
> defined) pool P,  so could a security officer in the same RO involved in a
VO V set
> policies that (external) users with membership in V are authorized to
access local resources
> in the (previously defined) pool Pv.  Each RO security officer can define
which of his real
> local users and resources are cleared to be in V.

I understand this far.

I tentatively distinguished RO from VO, but are they essentially different
or
not at certain level? Assuming they have common class at certain level,
we could recursively construct a VO from combination of some VOs.

Kojo

Follow-Ups:
- Re: [ggf-ogsa-sec-wg] VO consideration
  - From: Philippe Janson <pj@zurich.ibm.com>

References:
- Re: [ggf-ogsa-sec-wg] VO consideration
  - From: Philippe Janson <pj@zurich.ibm.com>

Prev by Date: Re: [ggf-ogsa-sec-wg] VO consideration
Next by Date: Re: [ggf-ogsa-sec-wg] VO consideration
Prev by thread: Re: [ggf-ogsa-sec-wg] VO consideration
Next by thread: Re: [ggf-ogsa-sec-wg] VO consideration
Index(es):
- Date
- Thread