2009/3/20 weizhong qiang <weizhongqiang@gmail.com>:
On Fri, Mar 20, 2009 at 3:00 PM, <m.riedel@fz-juelich.de> wrote: Basically the globus implementation if GSSAPI is about a specific context-initiation negotiation, and some data-padding for initiation and data-transferring. Also you can accomplish proxy-delegation via it. What is for sure is that you can not use client based on normal TLS to talk with service which is based on GSSAPI, or vice versa. AFAIK, There is some grid service (WS compliant) such as some SRM service which uses GSSAPI. (SOAP + HTTP + GSS).
Some years since I last looked at it in detail but IIRC GSSAPI (RFC2743) is just a mechanism for establishing security contexts - if you get these bytes then send this, etc. Presumably normal TLS can be implemented via GSSAPI as well, see eg section 5.3 of the RFC Someone once told me Globus had to deviate from the standard GSSAPI to implement GSI. If this is true then it's worth documenting, no? Again long time ago I experimented with the Globus module for GSI and the lower level Globus GSSAPI. At the time they did not interoperate :-) Had some discussions with Aleksandr at the time. Regards --jens