[ogsa-rss-wg] comments on the EPS wsdl

Donal K. Fellows donal.k.fellows at manchester.ac.uk
Tue Aug 8 05:15:06 CDT 2006 

Arvid Norberg wrote:
> Donal K. Fellows wrote:
>> Umm, they're the versions I'm using with my tooling, but I'm using the
>> Unicore/GS tooling which is a bit different to the Globus tooling. I'm
>> not going to argue about tooling versioning though;
> 
> I see, I'm somewhat of a noob still, I mostly know globus.

No problem at all, since I definitely don't know Globus well. (I last
hacked around with it back in early versions of GT3. Since GT4 came out,
I've not had time.)

I think, as a policy decision, we'll want the WS-RF binding to use the
WS-RF spec that's been finalized by OASIS. But since the core of the EPS
isn't really about WS-RF anyway, doing the obvious hacks to make it work
with Globus is fine. And having to hack the filenames seems to be normal
practice. :-\

> As far as I know, using the delegation service is the only portable  way 
> of delegating credentials in globus at least. (The C libraries  don't 
> support SecureConversation).

Sure. It's just whether the reference to the delegation service goes in
the SOAP body, which would be something we'd have to specify, or the
SOAP header, which is outside this WG's scope. No prizes for guessing
which one I prefer. :-D

The main thing is that if delegatable credentials are available, they
should be used when the EPS contacts any information services (assuming
they require such credentials at all) or other EPS instances. The
mechanics of doing that is out of scope, since there are several
different ways of achieving it (I prefer explicit trust delegation, and
the service-oriented version of that uses request metadata - i.e. SOAP
headers - to transfer the information required for the delegation to be
performed).

Oh, I should also say thanks for telling me that some information
services require (delegated) credentials to access. That *forces* us to
make non-trivial security statements, as opposed to just needing them
for the somewhat more complex case where an EPS delegates part of its
activity to another EPS. It's exactly what I wanted to hear! :-)

Donal.

More information about the ogsa-rss-wg mailing list