[Pgi-wg] OGF PGI - Task 043 - Find out how delegation works (RFC, OpenSSL)
Etienne URBAH
urbah at lal.in2p3.fr
Wed Apr 8 13:09:09 CDT 2009
Aleksandr, Moreno, Morris, Duane and Shinichi,
Concerning delegation of credentials :
There is informnation inside the 'Delegation' folder of PGI documents at
http://forge.gridforum.org/sf/docman/do/listDocuments/projects.pgi-wg/docman.root.input_documents.security_material.delegation
Following the OGF PGI wiki Matrix, delegation is performed with
different methods.
Can each Grid Infrastructure :
- verify the following assertions,
- correct them if necessary,
- verify if the adequate level of detail is available,
- improve the level of detail if necessary ?
Thank you in advance.
- ARC :
1. Delegation through extended BES interface;
2. Delegation through pluggable module to client and service, and
Delegation Service;
3. Delegation through Myproxy server
The first 2 methods are described in chapters 6 'Delegation' and 10
'Short-Lived Credential Service' of 'Security framework of ARC1' at
http://forge.gridforum.org/sf/go/doc15451?nav=1
- gLite :
- directly by GSI, but only with Globus proxies,
- at a higher level, by the 'GridSite Delegation' service described
at http://www.gridsite.org/wiki/Delegation_protocol
- through MyProxy server
Delegation for the CREAM CE is described inside 'Delegation in the
CREAM Service' at http://forge.gridforum.org/sf/go/doc15472?nav=1
- Unicore6 :
SAML Delegation Chain, as described in slide 16 'Foundational
Security Elements (2)' of 'Unicore Security' at
http://indico.cern.ch/getFile.py/access?contribId=6&sessionId=2&resId=0&materialId=slides&confId=52862
- Genesis II :
WS-Trust, as described in chapter 1.1.5 'Delegated Identities' of
'Genesis-II Security Implementation' at
http://forge.gridforum.org/sf/go/doc15435?nav=1 and
http://docs.oasis-open.org/ws-sx/ws-trust/v1.3/ws-trust.html
- NAREGI :
- Pluggable module or library for credential delegation on both
client and service side,
- Delegation Service (planed).
It is described in chapter 4 'Delegation' of 'The security
infrastructure used in NAREGI' at
http://forge.gridforum.org/sf/go/doc15434?nav=1
- EDGeS :
Through MyProxy server, as described in slide 6 and 7 'Bridge BOINC
--> EGEE' of 'Specific security needs of Desktop Grids' at
http://indico.cern.ch/getFile.py/access?contribId=8&sessionId=3&resId=1&materialId=slides&confId=52862
Best regards.
----------------------------------
Etienne URBAH IN2P3 - LAL
Bat 200 91898 ORSAY France
Tel: +33 1 64 46 84 87
Mob: +33 6 22 30 53 27
Skype: etienne.urbah
mailto:urbah at lal.in2p3.fr
----------------------------------
SourceForge Administrator wrote:
> Project: pgi-wg
> Folder: Action List
>
> task1090: 043 - find out how delegation works (RFC, OpenSSL)
>
> Description: Contact ARC people, ask on mailing list
>
> Created on 04/06/2009 by Johannes Watzl
>
>
> To view the Task, go to:
> http://forge.ogf.org/sf/go/task1090
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5060 bytes
Desc: S/MIME Cryptographic Signature
Url : http://www.ogf.org/pipermail/pgi-wg/attachments/20090408/3041a248/attachment.bin
More information about the Pgi-wg
mailing list