status and plans egee data management team middleware security meeting 4 egee is a project funded...
TRANSCRIPT
Status and Plans
EGEE data management team
http://cern.ch/egee-jra1
Middleware Security Meeting 4
EGEE is a project funded by the European Union under contract IST-2003-508833
MWSec-4 - 2
Java
• Authentication: glite/edg-trustmanager OK
• Authorization: fine grained, internal developed
• Delegation: not used yet
Alternatives for Tomcat integration
• EDG/gLite trustmanager (works today)
• GT3.x (commited, but not released yet)
• pure JDK? (RFC 3820 and RFC 3281)
MWSec-4 - 3
C/C++
• Authentication: CGSI-gSOAP 2.3-1.1.5 and 2.6-1.1.5we don't have web service server
• we have the gLite I/O service using plain GSI (auth is GSS, authz is GSI), but it is not a WS for performance reasons (file transfer)
• Delegation: using GSI in gLite I/Oone can turn it off to avoid the problem of mismatching Globus versions through the delegation chain
• Gridsite/mod_ssl: missing an example for gSOAP!Unclear: mod_ssl-gsi + delegation + mod_gsoap vs. mod_gsoap + cgsi_gsoap? An example would be nice.
• we will need a C/C++ WS solution soon...
MWSec-4 - 4
File Transfer
problems similar to job submission:
• job may spend a long time in the queue
• job may travel through “untrusted” nodes
client
FilePlacement
ServiceStork
FileTransferService
gridftp-A
gridftp-B
jobqueue
jobqueue
DataScheduler
MyProxycredential
storefetching a job fetching
credentia(proff by signed job)l
storingcredential
transfer usinguser credentials
submitting a job(with signature)