Having read this discussion a 4th (simple to implement) options occurs:
4. If a VO has it is in it usage policy (i.e. the user had already agreed
to it by signing the VO agreement) then we make it available other
wise we don't.
So in reality we would always publish something in that field but if it is
not from a VO that agreed to this it would say "Unknown" or
similar rather than a real DN.
Would everybody be happy with this? Would there be any objections to this
approach?
All the best,
david
|