On 17 Dec 2013, at 11:52, Linda Cornwall <[log in to unmask]> wrote:
>> It's yet another case of implementations being driven by funding rather than
>> requirements.
>>
>> As you say, a central ban list that sites download periodically would be really
>> simple. Simple to use, but the downside is it would have been simple to
>> implement, and not something you could write papers about.
>>
>> You could knock it up in an afternoon rather than spending years on it.
>
> Argus central authorization wasn't written for banning/central security emergency suspension, it was written as an authorization service. The idea of additionally using Argus for central security emergency suspension came later, if my memory serves me correctly.

Hierarchical banning/authorization services have been around at least since INFN’s GPBox in 2004ish. ARGUS was a merger of various strands in EGEE III, including GPBox, and that idea of central banning services was retained.

Slide 14 (“Policy distribution”) of this EGEE III talk (“Argus: the new gLite AuthZ Framework”) explicitly describes central banning using the ARGUS PAP (written by INFN) and distributed policies, in the same way as GPBox did: https://agenda.cnaf.infn.it/getFile.py/access?contribId=6&resId=0&materialId=slides&confId=305

Cheers
Andrew