On Fri, Nov 7, 2008 at 4:48 AM, Kakoli Sen <[EMAIL PROTECTED]> wrote: > > According to the link below, > http://www.globus.org/toolkit/docs/4.0/security/authzframe/security_descript > or.html#s-authzframe-secdesc-configAuthz > prefix can be different for different PDP's.
(Hmm, I would have swore that the documentation used the word "scope," rather than "prefix," the last time I looked.) Yes, the prefix can be different because the "prefix is used to allow multiple instances of the same PDP/PIP to exist in the same authorization chain," but you don't have multiple instances of the same PDP/PIP so you don't need different prefixes. I don't think that's your problem, however. <rant>The prefix mechanism is error-prone and should be removed if possible.</rant> > In our case, VomsPDP has prefix 'bscope', which has to be prefixed with PDP > configuration parameters like 'vomsAttrAuthzFile' and 'vomsAttrMapFile' in > wsdd file. Yes, this looks good, thanks. > Also, similar thing is working for RFT service. Only in Delegation service, > the PDPConfig does not have the required parameters. I see that. I don't know what to say...everything looks good to me. Maybe there's some assumption of gridmap in the delegation service code. Tom