[Pgi-wg] Sec: Agreement on SOAP and authentication
weizhong qiang
weizhongqiang at gmail.com
Fri Mar 20 08:30:29 CDT 2009
On Fri, Mar 20, 2009 at 2:14 PM, Duane Merrill <dgm4d at virginia.edu> wrote:
> Embedded comments....
>
> 2009/3/19 weizhong qiang <weizhongqiang at gmail.com>
>
>>
>>
>> On Thu, Mar 19, 2009 at 6:27 PM, <m.riedel at fz-juelich.de> wrote:
>>
>>> Hi,
>>>
>>> ok let's put it as follows: I meant "proxy-based TLS == GSI" -
>>
>>
>> "proxy-based TLS" could also be normal TLS (only difference it that you
>> need to check the delegation chain when verifying; the newer version of
>> openssl itself has supported this, or you can also customize the verifying
>> process of openssl with older version to support verification of delegation
>> chain).
>>
>
> Correct.
>
>
>>
>> Of cause GSI is also "proxy-based TLS". But I thinks it is not compatible
>> to normal TLS since it use GSIAPI which has some specific protocol.
>>
>
>
> I believe GSI-API is just that, a programming API that conforms to RFC
> 2744 <http://www.faqs.org/rfcs/rfc2744.html> (GSS), and has no protocol
> restrictions/changes.
>
The globus implementation if GSSAPI (I suppose it should be the only
candidate we are discussing about in out context) does use some specific
negotiation protocol and some "padding" data when doing security context
initiation and data transferring, which is not compatible to normal TLS/SSL.
Weizhong
>
>
>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.ogf.org/pipermail/pgi-wg/attachments/20090320/6598fcd2/attachment.html
More information about the Pgi-wg
mailing list