GACL

From GridSiteWiki

GACL is the main authorization policy language used by GridSite. GACL allows policies to be written in terms of common Grid credentials: X.509 identities, GSI proxies, VOMS attribute certificates and lists of X.509 identities.

GridSite both uses GACL policies and provides a GACL manipulation API for C/C++ in the GridSite library.

Credentials

In GridSite 1.3.x, four credential types and one level modifier are supported:

<person> <dn>/O=Grid/CN=Name</dn> </person>
<voms> <fqan>/vo.dom.ain/group</fqan> </voms>
<dn-list> <url>https://www.vo.dom.ain/dn-lists/group</url> </dn-list>
<dns> <hostname>host*.dom.ain</hostname> </dns>
<level> <nist-loa>0-4</nist-loa> </level>

In addition, <any-user/> and <auth-user/> may be used t