[Pgi-wg] OGF PGI - Task 043 - Find out how delegation works (RFC, OpenSSL)
mineo
mineo at riken.jp
Wed Apr 15 03:41:58 CDT 2009
Dear Etienne,
Thank you for your efforts to clarify our issues.
In case of NAREGI,
the current mechanism for credential delegation is as follows.
- NAREGI :
-Delegation service by GT4(GSI), using Globus proixies
-Globus proxies include VOMS AC
Best regards,
Mineo
> Aleksandr, Moreno, Morris, Duane and Shinichi,
>
>
> Concerning delegation of credentials :
>
>
> There is informnation inside the 'Delegation' folder of PGI documents at
> http://forge.gridforum.org/sf/docman/do/listDocuments/projects.pgi-wg/docman.root.input_documents.security_material.delegation
>
>
> Following the OGF PGI wiki Matrix, delegation is performed with
> different methods.
>
> Can each Grid Infrastructure :
> - verify the following assertions,
> - correct them if necessary,
> - verify if the adequate level of detail is available,
> - improve the level of detail if necessary ?
>
> Thank you in advance.
>
>
> - ARC :
> 1. Delegation through extended BES interface;
> 2. Delegation through pluggable module to client and service, and
> Delegation Service;
> 3. Delegation through Myproxy server
> The first 2 methods are described in chapters 6 'Delegation' and 10
> 'Short-Lived Credential Service' of 'Security framework of ARC1' at
> http://forge.gridforum.org/sf/go/doc15451?nav=1
>
>
> - gLite :
> - directly by GSI, but only with Globus proxies,
> - at a higher level, by the 'GridSite Delegation' service described
> at http://www.gridsite.org/wiki/Delegation_protocol
> - through MyProxy server
> Delegation for the CREAM CE is described inside 'Delegation in the
> CREAM Service' at http://forge.gridforum.org/sf/go/doc15472?nav=1
>
>
> - Unicore6 :
> SAML Delegation Chain, as described in slide 16 'Foundational
> Security Elements (2)' of 'Unicore Security' at
> http://indico.cern.ch/getFile.py/access?contribId=6&sessionId=2&resId=0&materialId=slides&confId=52862
>
>
> - Genesis II :
> WS-Trust, as described in chapter 1.1.5 'Delegated Identities' of
> 'Genesis-II Security Implementation' at
> http://forge.gridforum.org/sf/go/doc15435?nav=1 and
> http://docs.oasis-open.org/ws-sx/ws-trust/v1.3/ws-trust.html
>
>
> - NAREGI :
> - Pluggable module or library for credential delegation on both
> client and service side,
> - Delegation Service (planed).
> It is described in chapter 4 'Delegation' of 'The security
> infrastructure used in NAREGI' at
> http://forge.gridforum.org/sf/go/doc15434?nav=1
>
>
> - EDGeS :
> Through MyProxy server, as described in slide 6 and 7 'Bridge BOINC
> --> EGEE' of 'Specific security needs of Desktop Grids' at
> http://indico.cern.ch/getFile.py/access?contribId=8&sessionId=3&resId=1&materialId=slides&confId=52862
>
>
> Best regards.
>
> ----------------------------------
> Etienne URBAH IN2P3 - LAL
> Bat 200 91898 ORSAY France
> Tel: +33 1 64 46 84 87
> Mob: +33 6 22 30 53 27
> Skype: etienne.urbah
> mailto:urbah at lal.in2p3.fr
> ----------------------------------
>
>
> SourceForge Administrator wrote:
> > Project: pgi-wg
> > Folder: Action List
> >
> > task1090: 043 - find out how delegation works (RFC, OpenSSL)
> >
> > Description: Contact ARC people, ask on mailing list
> >
> > Created on 04/06/2009 by Johannes Watzl
> >
> >
> > To view the Task, go to:
> > http://forge.ogf.org/sf/go/task1090
--
Shinichi Mineo
RIKEN
tel : 048-467-9741
e-mail : mineo at riken.jp
More information about the Pgi-wg
mailing list