GT3 Grid Security Infrastructure (GSI): Security Features
Sources of more information:
| Area | Supported Feature | GT3.0 C Code | GT3.0 Java Code |
| Proxy Certificates | Authentication with Internet Draft compliant proxy certificates | Yes | Yes |
| Authentication with legacy (GT2) proxy certificates | Yes, supported on in GridFTPd | Present, but unsupported | |
| Delegation of proxy certificates | Yes | Yes | |
| CA Support | CA signing policy | Yes, documentation | No |
| Configurable trust roots (CA certificates) | Yes | Yes | |
| Revocation | CRLs | Yes | No |
| OCSP | No | No | |
| GSSAPI | GSSAPI | Yes, See RFC 2744 | Yes |
| GSSAPI extensions | Yes | Yes | |
| Integrity protection of user data | Yes | Yes | |
| Encryption of user data | Yes | Yes | |
| Authorization | User authorization | grid-mapfile | grid-mapfile |
| Client-side authorization of service using hostname | Yes | Yes | |
| Client-side authorization of service with GRIM credentials | Yes | Yes | |
| Client-side authorization of service with wildcard matching of hostnames (e.g. foo matches foo-*: foo-1, foo-ethernet, etc.) | Yes | Yes | |
| CAS Support | In prototype | No | |
| Kerberos | Relinking with Kerberos instead of PKI | Yes (but kludgy) | In theory as it is part of Java 1.4, but untested. |
| SOAP | SOAP independent message Signing | Yes | Yes |
| SOAP independent message Encryption | Yes | Yes | |
| Context establishment over SOAP | Yes | Yes |