Re: [Pgi-wg] OGF PGI - Task 043 - Find out how delegation works (RFC, OpenSSL)

Aleksandr, Moreno, Morris, Duane and Shinichi,

Concerning delegation of credentials :

There is information inside the 'Delegation' folder of PGI documents at http://forge.gridforum.org/sf/docman/do/listDocuments/projects.pgi-wg/docman...

Following the OGF PGI wiki Matrix, delegation is performed with different methods.

Can each Grid Infrastructure :
- verify the following assertions,
- correct them if necessary,
- verify if the adequate level of detail is available,
- improve the level of detail if necessary ?

Thank you in advance.

- ARC :
  1. Delegation through extended BES interface;
  2. Delegation through pluggable module to client and service, and Delegation Service;
  3. Delegation through MyProxy server
  The first 2 methods are described in chapters 6 'Delegation' and 10 'Short-Lived Credential Service' of 'Security framework of ARC1' at http://forge.gridforum.org/sf/go/doc15451?nav=1

- gLite :
  - directly by GSI, but only with Globus proxies,
  - at a higher level, by the 'GridSite Delegation' service described at http://www.gridsite.org/wiki/Delegation_protocol
  - through MyProxy server
  Delegation for the CREAM CE is described inside 'Delegation in the CREAM Service' at http://forge.gridforum.org/sf/go/doc15472?nav=1

- Unicore6 : SAML Delegation Chain, as described in slide 16 'Foundational Security Elements (2)' of 'Unicore Security' at http://indico.cern.ch/getFile.py/access?contribId=6&sessionId=2&resId=0&materialId=slides&confId=52862

- Genesis II : WS-Trust, as described in chapter 1.1.5 'Delegated Identities' of 'Genesis-II Security Implementation' at http://forge.gridforum.org/sf/go/doc15435?nav=1 and http://docs.oasis-open.org/ws-sx/ws-trust/v1.3/ws-trust.html

- NAREGI :
  - Pluggable module or library for credential delegation on both client and service side,
  - Delegation Service (planned).
  It is described in chapter 4 'Delegation' of 'The security infrastructure used in NAREGI' at http://forge.gridforum.org/sf/go/doc15434?nav=1

- EDGeS : Through MyProxy server, as described in slide 6 and 7 'Bridge BOINC --> EGEE' of 'Specific security needs of Desktop Grids' at http://indico.cern.ch/getFile.py/access?contribId=8&sessionId=3&resId=1&materialId=slides&confId=52862

Best regards.

----------------------------------
Etienne URBAH
IN2P3 - LAL
Bat 200
91898 ORSAY
France
Tel: +33 1 64 46 84 87
Mob: +33 6 22 30 53 27
Skype: etienne.urbah
mailto:urbah@lal.in2p3.fr
----------------------------------

SourceForge Administrator wrote:
Project: pgi-wg Folder: Action List
task1090: 043 - find out how delegation works (RFC, OpenSSL)
Description: Contact ARC people, ask on mailing list
Created on 04/06/2009 by Johannes Watzl
To view the Task, go to: http://forge.ogf.org/sf/go/task1090

Dear Etienne,

Thank you for your efforts to clarify our issues.

In case of NAREGI, the current mechanism for credential delegation is as follows.

- NAREGI :
  - Delegation service by GT4 (GSI), using Globus proxies
  - Globus proxies include VOMS AC

Best regards,
Mineo
-- Shinichi Mineo RIKEN tel : 048-467-9741 e-mail : mineo@riken.jp