Hongwei Zhang wrote:
> Another implication (and potential challenge) of the alternative
> approach is that the AM has to maintain the state of credentials.
I don't think so. In my (perhaps simple) understanding, the
**clearinghouse** maintains state of the credentials. In fact, I think
that is the nut of the proposal. A researcher presents credentials to
the CH, which validates them before forwarding the request to the AM.
The AM trusts the CH to perform the validation.
> This appears to be a more stateful approach compared with the orignial
> one, and this may also have implications for the allowable time
> interval between a research getting his resource-access-credential and
> actually using the resource.
Again, I don't think so. As soon as the researcher gains access to the
clearinghouse (an 'account'), the CH can validate him.
--aaron
_______________________________________________
control-wg mailing list
control-wg@...
http://lists.geni.net/mailman/listinfo/control-wg
