[Pgi-wg] Sec: Agreement on SOAP and authentication

m.riedel at fz-juelich.de m.riedel at fz-juelich.de
Fri Mar 20 09:18:19 CDT 2009 

Hi,

>- I think Weizhong means implmentation of GSIAPI like one from Globus which does have
>- own communication protocol incompatible with TLS.

And I guess this is where all the misunderstandings comming from related to PGI_GSI or 'proxy-based TLS' :-)

Take care,
Morris



--------------------------------------------------------------------------------
Morris Riedel
SW - Engineer
Distributed Systems and Grid Computing Division
Central Institute of Applied Mathematics
Research Centre Juelich
Wilhelm-Johnen-Str. 1
D - 52425 Juelich
Germany

Email:  m.riedel at fz-juelich.de
Info: http://www.fz-juelich.de/zam/ZAMPeople/riedel

Phone: +49 2461 61 - 3651
Fax: +49 2461 61 - 6656

Skype: MorrisRiedel

'We work to improve ourselves and the rest of mankind.'

----- Original Message -----
From: Aleksandr Konstantinov <aleksandr.konstantinov at fys.uio.no>
Date: Friday, March 20, 2009 2:22 pm
Subject: Re: [Pgi-wg] Sec: Agreement on SOAP and authentication

> On Friday 20 March 2009 15:14, Duane Merrill wrote:
> > Embedded comments....
> > 
> > 2009/3/19 weizhong qiang <weizhongqiang at gmail.com>
> > 
> > >
> > >
> > >  On Thu, Mar 19, 2009 at 6:27 PM, <m.riedel at fz-juelich.de> wrote:
> > >
> > >> Hi,
> > >>
> > >>  ok let's put it as follows: I meant "proxy-based TLS == GSI" 
> -
> > >
> > >
> > > "proxy-based TLS" could also be normal TLS (only difference it 
> that you
> > > need to check the delegation chain when verifying; the newer 
> version of
> > > openssl itself has supported this, or you can also customize 
> the verifying
> > > process of openssl with older version to support verification 
> of delegation
> > > chain).
> > >
> > 
> > Correct.
> > 
> > 
> > >
> > > Of cause GSI is also "proxy-based TLS". But I thinks it is not 
> compatible> > to normal TLS since it use GSIAPI which has some 
> specific protocol.
> > >
> > 
> > 
> > I believe GSI-API is just that, a programming API that conforms 
> to RFC
> > 2744<" target="l">http://www.faqs.org/rfcs/rfc2744.html> (GSS),
> > and has no protocol restrictions/changes.
> 
> I think Weizhong means implmentation of GSIAPI like one from 
> Globus which does have
> own communication protocol incompatible with TLS.
> 
> 
> A.K.
> _______________________________________________
> Pgi-wg mailing list
> Pgi-wg at ogf.org
> http://www.ogf.org/mailman/listinfo/pgi-wg
> 



-------------------------------------------------------------------
-------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich

Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzende des Aufsichtsrats: MinDir'in Baerbel Brumme-Bothe
Geschaeftsfuehrung: Prof. Dr. Achim Bachem (Vorsitzender),
Dr. Ulrich Krafft (stellv. Vorsitzender), Prof. Dr. Harald Bolt,
Dr. Sebastian M. Schmidt
-------------------------------------------------------------------
-------------------------------------------------------------------

More information about the Pgi-wg mailing list