Home -> Toolkit -> Docs -> 3.2 -> Infosvcs -> Ws -> Key

WS Information Services: Key Concepts

Overview
Uses and Benefits of the Index Service
Information Model
Queries
User Interface
>Security
Related Documents

Security

The security mechanism used by the Globus Toolkit is the Grid Security Infrastructure (GSI), which enables the use of certificates and various files to provide authentication and authorization services.  GSI is described in more detail in GSI Security Infrastructure.

GSI is a library for providing generic security services for applications that will be run on the Grid.  GSI provides programs to facilitate login to a variety of sites, while each site has its own flavor of security measures.

GSI provides a single sign-on authentication service, to identify a user for access to multiple Grid resources via one sign-on procedure.  GSI also provides local control over access rights and mapping from global to local user identities.

OGSA provides two different GSI implementations.  One is based on message-level security, and the other on transport-level security, as known from Version 2 of the Globus Toolkit (GT2).  Transport-level security is supported in order to be backwards compatible with GT2, and also to simplify integration with hosting environments without message-level security support.  GSI defines protocols for mutual authentication, credential delegation, proxy signing, message protection, and authorization, and typically sits on top of a Secure Sockets Layer/Transport Layer Security (SSL/TLS) implementation.

The WS Index Service is compatible with the GT3.2 Grid Security Infrastructure, however by default, security is not enabled.  Security can be enabled by adding a reference to a properly formatted security-config.xml file in the service descriptor for the Index Service.

For more information on GT3/OGSA security, refer to GT3 Grid Security Infrastructure.