Targeted PGI requirements
-------------------------

IS1    1    All grid entities (if possible) MUST be described using the GLUE model. If not possible, extensions for the GLUE model are necessary
IS2    163  Each Service MUST publish its properties (Name, Type, Endpoints, ...) and the properties of its Endpoints in conformance with GLUE recommendations
IS3    4    Each service MUST publish information regarding its service properties
AA2    11   Each Service MUST publish the Authentication and Authorization methods accepted by its Endpoints in conformance with GLUE recommendations
AA3.5  17   For Client authentication, Services must accept all following authentication methods: Full X509, X509 Proxy

Proposed new possible values for 'Capability_t'    Semantics                                                           Carried credentials
-----------------------------------------------    ---------                                                           -------------------
security.trustedCA.IGTF                            Server uses IGTF list of certificate authorities
security.trustedCA.InCommon                        Server uses InCommon as certificate authority
security.authentication.ssl                        Server has generic SSL/TLS/X509 capabilities for authentication
security.authentication.ssl.server                 Server is able to provide its X509 credentials to clients
security.authentication.ssl.server.certificate     Server is able to provide public part of its full X509 certificate  Subject (DN) and Issuer
security.authentication.ssl.client                 Server is able to authenticate client with X509
security.authentication.ssl.client.certificate     Client may provide public part of full X509 certificate             Subject (DN) and Issuer
security.authentication.ssl.client.proxy.GSI       Client may provide public part of old-style Globus proxy            Subject (DN) and Issuer
security.authentication.ssl.client.proxy.RFC3820   Client may provide public part of RFC-3820-compliant X509 proxy     Subject (DN) and Issuer
security.authentication.ws-security                Server has WS-Security capabilities for authentication              ???
security.authentication.ws-trust                   Server has WS-Trust capabilities for authentication                 ???
security.authentication.ws-i-bsp                   Server has 'WS-I Basic Security Profile' capabilities for Authn     ???
security.authorization.ssl                         Server has generic SSL/TLS/X509 capabilities for authorization
security.authorization.ssl.client                  Server is able to authorize client with X509
security.authorization.ssl.client.certificate      Client may provide public part of full X509 certificate             Subject (DN) and Issuer
security.authorization.ssl.client.proxy.GSI        Client may provide public part of old-style Globus proxy            Subject (DN) and Issuer
security.authorization.ssl.client.proxy.RFC3820    Client may provide public part of RFC-3820-compliant X509 proxy     Subject (DN) and Issuer
security.authorization.ssl.client.proxy.voms       Client may provide VOMS extensions inside the proxy                 Subject (DN), Issuer, VOMS extensions
security.authorization.ssl.client.delegation       Client may require delegation
security.authorization.ssl.client.delegation.GSI   Client may require delegation using old-style Globus proxy
security.authorization.ssl.client.delegation.X509  Client may require delegation using X509 certificate or RFC-3820-compliant X509 proxy
security.authorization.saml                        Client may provide SAML assertions                                  SAML assertions
security.authorization.saml.voms                   Client may provide VOMS extensions as SAML assertions               SAML assertions, VOMS extensions
security.authorization.ws-security                 Server has WS-Security capabilities for authorization               ???
security.authorization.ws-trust                    Server has WS-Trust capabilities for authorization                  ???
security.authorization.ws-i-bsp                    Server has 'WS-I Basic Security Profile' capabilities for Authz     ???