Certificate Management stuff

Ivan R. Judson judson at mcs.anl.gov
Wed Jan 28 13:38:50 CST 2004


 

> -----Original Message-----
> From: Robert Olson [mailto:olson at mcs.anl.gov] 
> Sent: Wednesday, January 28, 2004 1:25 PM
> To: judson at mcs.anl.gov
> Cc: ag-dev at mcs.anl.gov
> Subject: RE: Certificate Management stuff
> 
> 
> >There are solutions to the "certificate on every machine" that can 
> >alleviate the problem without doing the online ca thing, right? What 
> >are those solutions? Have you looked at what's already 
> available in the 
> >pyGlobus MyProxy interfaces?
> 
> Either solution would require similar up-front 
> infrastructure, involving determing which (online CA / my 
> proxy server / what login name), to use for a given 
> connection to a server.

Makes sense.

> >I guess all I'm saying is there is a lot of discussion that needs to 
> >happen, discussion before cvs commits is always good, 
> especially when 
> >it's used to gain support for your development plans. That 
> one of the 
> >main points of having the AGEP process, we need to convince 
> each other, 
> >during that process many opportunities for improving our 
> plans may be 
> >exposed. I'm not against your plan, just want to make sure it's the 
> >best one before I can say, "yeah, that's the way to go."
> 
> The point is that I'm not yet convinced myself of how this 
> needs to be done, and need to do the groundwork to determine 
> it. I want to do this groundwork before we do a major release 
> so that we don't get nailed for having missed some piece of 
> underlayment that was required but would be more work than we 
> want to put into a minor release later on.

If *you* aren't convinced yet then I'm really skeptical that the code should
be put in cvs. If it's proof of concept or trying to figure it out, make a
branch. Then it won't taint the trunk which should not be exploratory code.
 
> > > Like I said; the first set of changes is largely in place already 
> > > but we need to get newer pyGlobus (with the exceptions 
> support) in 
> > > place for people or it will break; I'd rather not add 
> code to handle 
> > > both old and new pyGLobus.
> >
> >This is something Matt is working on, right? Are you keeping 
> in synch 
> >with him so this enables you as quickly as possible?
> 
> I'm enabled :-) it's the rest of the group that would get 
> hit. I'm assuming since I've not heard otherwise that he's 
> seen the changes (since I sent them out on the topic earlier) 
> and he'll drop by with questions as they occur. I'll give him 
> a poke too.

Thanks for actively chasing this with Matt; it's important that *everyone*
be enabled as soon as we can so we can do our testing and packaging without
any snafus.

--Ivna




More information about the ag-dev mailing list