Home

Security, AuthN & AuthZ

Message exchange between client and server is performed with SOAP/HTTPS.

Authentication of the requesting user is done through the X.509 proxy certificate signed by a trusted Certification Authority (CA), which guarantees that the exposed public key is really owned by the user. The authentication process is handled by the Apache HTTP server by means of the SSL and Grid Site modules. The authenticated request together with information about the checked credential (e.g. expiration time, VOMS extensions), are then passed to WMProxy within the CGI environment. WMProxy does not need to directly manipulate Grid credentials in this phase.

Authorization is implemented through the Grid Access Control List (GACL) library, which is provided by Grid Site for manipulating Access Control List (ACL) files. Authorization can be either Fully Qualified Attribute Name (FQAN) (coarse-grained) or Distinguished Name (DN) based (fine-grained) according to the type of proxy presented by the client.

There are two authorization steps that are performed for an incoming request within the WMProxy:

1) Determine whether the requesting user is authorized to use the WMS services.
2) Determine whether the requesting user is either the owner of the job or has permissions to manage it. (This step is only performed for operations directly related to a given job)

User Mapping: when a user performs a request to the WMProxy service, he is mapped to a local user, which is needed to perform all filesystem operations related to single jobs. This mapping is done through LCMAPS module.

Page last modified on April 11, 2008, at 05:23 PM

What is Grid

The Grid is an emerging infrastructure that will fundamentally change the way we think about - and use - computing. The basic idea is very simple, since it is about harnessing unused resources through the Internet, or a corporate Intranet, to solve major computational problems that require far more computing power and data storage than that available at any single location

EGEE Project

The Enabling Grids for E-sciencE (EGEE) project is funded by the European Commission and aims to build on recent advances in grid technology and develop a service grid infrastructure

EGEE Home Page

Contact:

egee@elsagdatamat.com

Big View Normal View Attach:Site/PageHeader/softflow.gif Δ Home Edit History Recent Changes
Home Page Job Description Language About JDL JDL Types API Documentation JSDL WMProxy Service About WMProxy Service Architecture Security, AuthN & AuthZ Credentials Delegation Provided Functionality Job Submission Service Interface New Features Tools Installation Guide Configuration Guide Administration Guide Service Monitoring Guide Troubleshooting Release WMProxy API About WMProxy API Installation Guide Job Submission API Documentation WMProxy Client About WMProxy Client Installation Guide Configuration Guide User Guide Quick Start Release WMS UI Python Command Line About Python Command Line Installation Guide Configuration Guide VO Configuration Guide User Guide API Documentation Glossary Internal edit SideBar TriadSkin 3 Powered by PmWiki	WM Proxy Service Security, AuthN & AuthZ Message exchange between client and server is performed with SOAP/HTTPS. Authentication of the requesting user is done through the X.509 proxy certificate signed by a trusted Certification Authority (CA), which guarantees that the exposed public key is really owned by the user. The authentication process is handled by the Apache HTTP server by means of the SSL and Grid Site modules. The authenticated request together with information about the checked credential (e.g. expiration time, VOMS extensions), are then passed to WMProxy within the CGI environment. WMProxy does not need to directly manipulate Grid credentials in this phase. Authorization is implemented through the Grid Access Control List (GACL) library, which is provided by Grid Site for manipulating Access Control List (ACL) files. Authorization can be either Fully Qualified Attribute Name (FQAN) (coarse-grained) or Distinguished Name (DN) based (fine-grained) according to the type of proxy presented by the client. There are two authorization steps that are performed for an incoming request within the WMProxy: 1) Determine whether the requesting user is authorized to use the WMS services. 2) Determine whether the requesting user is either the owner of the job or has permissions to manage it. (This step is only performed for operations directly related to a given job) User Mapping: when a user performs a request to the WMProxy service, he is mapped to a local user, which is needed to perform all filesystem operations related to single jobs. This mapping is done through LCMAPS module. Edit Page History Source Attach File Backlinks List Group Page last modified on April 11, 2008, at 05:23 PM	What is Grid The Grid is an emerging infrastructure that will fundamentally change the way we think about - and use - computing. The basic idea is very simple, since it is about harnessing unused resources through the Internet, or a corporate Intranet, to solve major computational problems that require far more computing power and data storage than that available at any single location EGEE Project The Enabling Grids for E-sciencE (EGEE) project is funded by the European Commission and aims to build on recent advances in grid technology and develop a service grid infrastructure EGEE Home Page Contact: egee@elsagdatamat.com
skin config pmwiki-2.0.12