Status and Plans

EGEE data management team

http://cern.ch/egee-jra1

Middleware Security Meeting 4

EGEE is a project funded by the European Union under contract IST-2003-508833

MWSec-4 - 2

Java

• Authentication: glite/edg-trustmanager OK

• Authorization: fine grained, internal developed

• Delegation: not used yet

Alternatives for Tomcat integration

• EDG/gLite trustmanager (works today)

• GT3.x (commited, but not released yet)

• pure JDK? (RFC 3820 and RFC 3281)

MWSec-4 - 3

C/C++

• Authentication: CGSI-gSOAP 2.3-1.1.5 and 2.6-1.1.5we don't have web service server

• we have the gLite I/O service using plain GSI (auth is GSS, authz is GSI), but it is not a WS for performance reasons (file transfer)

• Delegation: using GSI in gLite I/Oone can turn it off to avoid the problem of mismatching Globus versions through the delegation chain

• Gridsite/mod_ssl: missing an example for gSOAP!Unclear: mod_ssl-gsi + delegation + mod_gsoap vs. mod_gsoap + cgsi_gsoap? An example would be nice.

• we will need a C/C++ WS solution soon...

MWSec-4 - 4

File Transfer

problems similar to job submission:

• job may spend a long time in the queue

• job may travel through “untrusted” nodes

client

FilePlacement

ServiceStork

FileTransferService

gridftp-A

gridftp-B

jobqueue

jobqueue

DataScheduler

MyProxycredential

storefetching a job fetching

credentia(proff by signed job)l

storingcredential

transfer usinguser credentials

submitting a job(with signature)