LHC Computer Grid - Rollout
> [mailto:[log in to unmask]] On Behalf Of Antun Balaz
said:
> When configuring ACLs on gLite VOMS server, is it safe and
> sufficient (for
> all other entities, i.e. other than VO admin) to allow "list"
> operation
> to "Anyone who presents a certificate issued by a known CA"
> for all groups and roles?
I don't see an answer to this from anyone else ... for what it's worth
my non-authoritative answer is that it's reasonable to configure it
that way, I don't think it's revealing more information than leaks out
in lots of other ways, e.g. by reading the grid map file. And anyway I
suspect it's the only practical way to let grid map files be generated,
while we're still using them.
Stephen
|