# $Id: 304672b7.signing_policy.txt,v 1.2 2004/11/05 23:12:24 mrt Exp $ 

# ca-signing-policy.conf, see ca-signing-policy.doc for more information
#
# This is the configuration file describing the policy for what CAs are
# allowed to sign whoses certificates.
#
# This file is parsed from start to finish with a given CA and subject
# name.
# subject names may include the following wildcard characters:
#    *    Matches any number of characters.
#    ?    Matches any single character.
#
# CA names must be specified (no wildcards). Names containing whitespaces
# must be included in single quotes, e.g. 'Certification Authority'. 
# Names must not contain new line symbols. 
# The value of condition attribute is represented as a set of regular 
# expressions. Each regular expression must be included in double quotes.  
#
# This policy file dictates the following policy:
#
#  The FusionGrid CA signs certificates for DC=FusionGrid
#
# Format:
#------------------------------------------------------------------------
#  token type  | def.authority |                value              
#--------------|---------------|-----------------------------------------
# EACL entry #1|

 access_id_CA      X509         '/DC=org/DC=fusiongrid/OU=Certificate Authorities/CN=FusionGrid CA'
 
 pos_rights        globus        CA:sign
 
 cond_subjects     globus     	'"/DC=org/DC=fusiongrid/*" "/DC=org/DC=FusionGrid/*"'


#
# End FusionGrid CA Policy