@492968 * version format should be 1.0.1? * version and facility>scriptVersion are duplicates? * I would unify the presence of "attributes" everywhere. The way I see it now is that in some places we need the "attributes" sublevel (like in resources>r_uuid_1), so it might be better to use it everywhere, even in places where it is not strictly needed (like in resources>r_uuid_1>assigned_groups>g_uuid_1) * Just for being more illustrative, I would use real attribute names instead of `full:perun:name` everywhere. It will show the type of the attributes more clearly then just a comment. * I would clarify the presence of all objects, e.g. `VOs, indexed by VO uuid` -> `VOs, indexed by VO uuid, which have at least one member in the "users" list` (to be clear that this is not a complete list of all VOs in Perun) * I haven't thought about group experation and VO expiration. It might be good to note whether this takes only users valid in group / VO, or how the behavior is affected by the "include expired members" switch of the service in Perun