[Pgi-wg] Sec: Agreement on SOAP and authentication
Aleksandr Konstantinov
aleksandr.konstantinov at fys.uio.no
Fri Mar 20 08:22:17 CDT 2009
On Friday 20 March 2009 15:14, Duane Merrill wrote:
> Embedded comments....
>
> 2009/3/19 weizhong qiang <weizhongqiang at gmail.com>
>
> >
> >
> > On Thu, Mar 19, 2009 at 6:27 PM, <m.riedel at fz-juelich.de> wrote:
> >
> >> Hi,
> >>
> >> ok let's put it as follows: I meant "proxy-based TLS == GSI" -
> >
> >
> > "proxy-based TLS" could also be normal TLS (only difference it that you
> > need to check the delegation chain when verifying; the newer version of
> > openssl itself has supported this, or you can also customize the verifying
> > process of openssl with older version to support verification of delegation
> > chain).
> >
>
> Correct.
>
>
> >
> > Of cause GSI is also "proxy-based TLS". But I thinks it is not compatible
> > to normal TLS since it use GSIAPI which has some specific protocol.
> >
>
>
> I believe GSI-API is just that, a programming API that conforms to RFC
> 2744<http://www.faqs.org/rfcs/rfc2744.html> (GSS),
> and has no protocol restrictions/changes.
I think Weizhong means implmentation of GSIAPI like one from Globus which does have
own communication protocol incompatible with TLS.
A.K.
More information about the Pgi-wg
mailing list