[Pgi-wg] Sec: Agreement on SOAP and authentication
m.riedel at fz-juelich.de
m.riedel at fz-juelich.de
Fri Mar 20 09:21:18 CDT 2009
YES!
>- As Weizhong mentions, there are additional validation steps in the event that GSI detects the presence of a proxy-extension within a certficate during handshake. But nothing that affects wire protocol.
And exactly because of this fact we have to indicate which services have to take these validation steps and which not.
Q: The question is thus how you indicate within the PGI profiles that you support proxies or only full certificates (w/o additional validation steps).
We getting closer...
Take care,
Morris
--------------------------------------------------------------------------------
Morris Riedel
SW - Engineer
Distributed Systems and Grid Computing Division
Central Institute of Applied Mathematics
Research Centre Juelich
Wilhelm-Johnen-Str. 1
D - 52425 Juelich
Germany
Email: m.riedel at fz-juelich.de
Info: http://www.fz-juelich.de/zam/ZAMPeople/riedel
Phone: +49 2461 61 - 3651
Fax: +49 2461 61 - 6656
Skype: MorrisRiedel
'We work to improve ourselves and the rest of mankind.'
Content-Type: multipart/alternative; boundary=00163646c4b66c64ef04658ce960
--00163646c4b66c64ef04658ce960
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
>
>
> I think Weizhong means implmentation of GSIAPI like one from Globus which
> does have
> own communication protocol incompatible with TLS.
>
I don't believe there are any protocol changes between the
secure-communication in GSI-API (GSI-OpenSSL) and TLS.
As Weizhong mentions, there are additional validation steps in the event
that GSI detects the presence of a proxy-extension within a certficate
during handshake. But nothing that affects wire protocol.
-Duane
--00163646c4b66c64ef04658ce960
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<div class=3D"gmail_quote">
<blockquote class=3D"gmail_quote" style=3D"PADDING-LEFT: 1ex; MARGIN: 0px 0=
px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">
<div class=3D"im">=A0</div>I think Weizhong means implmentation of GSIAPI l=
ike one from Globus which does have<br>own communication protocol incompati=
ble with TLS.<br><font color=3D"#888888"></font></blockquote>
<div>=A0</div>
<div>=A0</div>
<div>=A0</div>
<div>I don't believe there are any protocol changes between the secure-=
communication in GSI-API (GSI-OpenSSL) and TLS.=A0 </div>
<div>=A0</div>
<div>As Weizhong mentions, there are additional validation steps in the eve=
nt that GSI detects the presence of a proxy-extension within a certficate d=
uring handshake.=A0 But nothing that affects wire protocol.</div>
<div>=A0</div>
<div>-Duane</div></div>
--00163646c4b66c64ef04658ce960--
-------------------------------------------------------------------
-------------------------------------------------------------------
Forschungszentrum Juelich GmbH
52425 Juelich
Sitz der Gesellschaft: Juelich
Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498
Vorsitzende des Aufsichtsrats: MinDir'in Baerbel Brumme-Bothe
Geschaeftsfuehrung: Prof. Dr. Achim Bachem (Vorsitzender),
Dr. Ulrich Krafft (stellv. Vorsitzender), Prof. Dr. Harald Bolt,
Dr. Sebastian M. Schmidt
-------------------------------------------------------------------
-------------------------------------------------------------------
-------------- next part --------------
_______________________________________________
Pgi-wg mailing list
Pgi-wg at ogf.org
http://www.ogf.org/mailman/listinfo/pgi-wg
More information about the Pgi-wg
mailing list