Home

Credentials Delegation

Delegation Process

The delegation is the process used to transfer rights and privileges to another party. Since the WMProxy and the WMS when providing some services need to interact with other services, operating on behalf of the user, a delegation process is needed to transfer client proxy credentials to the server host. The delegation service is provided through a port type whose description is imported into the WMProxy WSDL file from the gLite common delegation WSDL file.
Delegated credentials are uniquely identified by the association of the delegation identifier, provided by user, and the user’s DN within the credentials.
Multiple delegations of the same proxy credential are allowed with different delegation identifiers; however, it is recommended to do it once at the beginning of the working session and reuse the same delegation identifier, as delegation process is generally time-consuming.
The WMProxy holds a cache of the delegated proxies, which is purged periodically from the expired credentials; upon a submission request the service performs a mapping between the incoming job and a proxy in its cache according to the requesting user DN and the specified delegation identifier. From that point on, each operation performed for that job is done using the credential associated to it in this way.

Figure 1 - Credentials Delegation Sequence Diagram

Credentials Renewal

The User can store a long-lived certificate that can be used by the WMS in order to renew the lifetime of a standard user certificate proxy (usually valid only for 12 hours). Long-running jobs may run into this limit and fail due to expioration of user proxy. WMProxy can automatically request the registration for renewing the proxy certificate sent by the user. This is done through the attribute "MyProxyServer" inside the submitting JDL. When a Proxy Renewal Registration is requested for a certain Job, the WMProxy registers it to the proxy renewal. From that moment on, credentials for such jobs are granted by renewed certificate credentials. Actually all jobs that uses the same credentials links to only one renewed certificate.

Page last modified on April 23, 2008, at 12:52 PM

What is Grid

The Grid is an emerging infrastructure that will fundamentally change the way we think about - and use - computing. The basic idea is very simple, since it is about harnessing unused resources through the Internet, or a corporate Intranet, to solve major computational problems that require far more computing power and data storage than that available at any single location

EGEE Project

The Enabling Grids for E-sciencE (EGEE) project is funded by the European Commission and aims to build on recent advances in grid technology and develop a service grid infrastructure

EGEE Home Page

Contact:

egee@elsagdatamat.com

Big View Normal View Attach:Site/PageHeader/softflow.gif Δ Home Edit History Recent Changes
Home Page Job Description Language About JDL JDL Types API Documentation JSDL WMProxy Service About WMProxy Service Architecture Security, AuthN & AuthZ Credentials Delegation Provided Functionality Job Submission Service Interface New Features Tools Installation Guide Configuration Guide Administration Guide Service Monitoring Guide Troubleshooting Release WMProxy API About WMProxy API Installation Guide Job Submission API Documentation WMProxy Client About WMProxy Client Installation Guide Configuration Guide User Guide Quick Start Release WMS UI Python Command Line About Python Command Line Installation Guide Configuration Guide VO Configuration Guide User Guide API Documentation Glossary Internal edit SideBar TriadSkin 3 Powered by PmWiki	WM Proxy Service Credentials Delegation Delegation Process The delegation is the process used to transfer rights and privileges to another party. Since the WMProxy and the WMS when providing some services need to interact with other services, operating on behalf of the user, a delegation process is needed to transfer client proxy credentials to the server host. The delegation service is provided through a port type whose description is imported into the WMProxy WSDL file from the gLite common delegation WSDL file. Delegated credentials are uniquely identified by the association of the delegation identifier, provided by user, and the user’s DN within the credentials. Multiple delegations of the same proxy credential are allowed with different delegation identifiers; however, it is recommended to do it once at the beginning of the working session and reuse the same delegation identifier, as delegation process is generally time-consuming. The WMProxy holds a cache of the delegated proxies, which is purged periodically from the expired credentials; upon a submission request the service performs a mapping between the incoming job and a proxy in its cache according to the requesting user DN and the specified delegation identifier. From that point on, each operation performed for that job is done using the credential associated to it in this way. Figure 1 - Credentials Delegation Sequence Diagram Credentials Renewal The User can store a long-lived certificate that can be used by the WMS in order to renew the lifetime of a standard user certificate proxy (usually valid only for 12 hours). Long-running jobs may run into this limit and fail due to expioration of user proxy. WMProxy can automatically request the registration for renewing the proxy certificate sent by the user. This is done through the attribute "MyProxyServer" inside the submitting JDL. When a Proxy Renewal Registration is requested for a certain Job, the WMProxy registers it to the proxy renewal. From that moment on, credentials for such jobs are granted by renewed certificate credentials. Actually all jobs that uses the same credentials links to only one renewed certificate. Edit Page History Source Attach File Backlinks List Group Page last modified on April 23, 2008, at 12:52 PM	What is Grid The Grid is an emerging infrastructure that will fundamentally change the way we think about - and use - computing. The basic idea is very simple, since it is about harnessing unused resources through the Internet, or a corporate Intranet, to solve major computational problems that require far more computing power and data storage than that available at any single location EGEE Project The Enabling Grids for E-sciencE (EGEE) project is funded by the European Commission and aims to build on recent advances in grid technology and develop a service grid infrastructure EGEE Home Page Contact: egee@elsagdatamat.com
skin config pmwiki-2.0.12