# $Id: 1c3f2ca8.signing_policy,v 1.2 2006/11/24 17:00:35 pmacvsdg Exp $ 

# ca-signing-policy.conf, see ca-signing-policy.doc for more information
#
# This is the configuration file describing the policy for what CAs are
# allowed to sign whoses certificates.
#
# This file is parsed from start to finish with a given CA and subject
# name.
# subject names may include the following wildcard characters:
#    *    Matches any number of characters.
#    ?    Matches any single character.
#
# CA names must be specified (no wildcards). Names containing whitespaces
# must be included in single quotes, e.g. 'Certification Authority'. 
# Names must not contain new line symbols. 
# The value of condition attribute is represented as a set of regular 
# expressions. Each regular expression must be included in double quotes.  
#
# This policy file dictates the following policy:
#
#  The DOEGrids CA signs certificates for doegrids.org 
#
# Format:
#------------------------------------------------------------------------
#  token type  | def.authority |                value              
#--------------|---------------|-----------------------------------------
# EACL entry #1|

 access_id_CA      X509         '/DC=org/DC=DOEGrids/OU=Certificate Authorities/CN=DOEGrids CA 1'
 
 pos_rights        globus        CA:sign
 
 cond_subjects     globus     	'"/DC=org/DC=DOEGrids/*" "/DC=org/DC=doegrids/*" "/O=DOEGrids.org/*" "/O=doegrids.org/*"'


#
# End DOE SG CA Policy
# 
# $Log: 1c3f2ca8.signing_policy,v $
# Revision 1.2  2006/11/24 17:00:35  pmacvsdg
# Updated ESnet and DOEGrids certs as per Mike signed mail of Nov 9 2006
# verified PGP signatures on tar ball using DGs web of trust
#
# Revision 1.3  2006/08/23 23:07:04  dhiva
# updated with doesciencegrid string removal
#
# Revision 1.2  2003/05/27 16:29:35  helm
# Change statement of policy
#
# Revision 1.1  2003/05/22 22:38:21  helm
# *** empty log message ***
#
# Revision 1.4  2003/05/09 22:21:39  helm
# doegrids
#
# Revision 1.3  2003/05/03 01:29:50  dhiva
# modified the cond_subject
# from /DC=/DOEGrids
# to   /DC=DOEGrids
#
# Revision 1.2  2003/05/03 01:16:38  dhiva
# $Id: 1c3f2ca8.signing_policy,v 1.2 2006/11/24 17:00:35 pmacvsdg Exp $ Included
#
# Revision 1.1  2003/05/03 01:15:05  dhiva
# Globus Support Files for pki1.doegrids.org CA
#