Table of Contents
The Delegation Service provides an interface for the delegation of credentials to a hosting environment. This enables a single delegated credential to be shared across multiple invocations of services on that hosting environment (e.g. it could be used for multiple GRAM job submissions or across GRAM and RFT submissions.) It also provides a means for credential renewal.
Features new in GT 4.2.0:
- Added support for GetResourceProperties and QueryResourceProperties interface.
Other Supported Features:
- Provides an interface for the delegation and renewal of credentials to a host.
- Allows for a single delegated credential to be reused across multiple service invocations (e.g. GRAM jobs).
Deprecated Features:
- None.
Underlying Java WS Authentication library supports RFC 3820 proxies by default as described in Release Notes. The Delegation Service will also default to RFC 3820 proxies.
- Added support for
GetResourcePropertiesandQueryResourcePropertiesinterfaces. This allows for a client to query for the lifetime of the delegated credential. The command line client options have been changed to use options that are standard across the toolkit. Note that all features that were supported before are still supported, but some of the option names have changed.
- Bug 4593: C WS-Delegation Utils (Refresh/Program/Tests)
- Bug 2973: Delegation clients have inconsistent arguments
- Bug 2978: Delegation suceeds of client does not authorize server
- Bug 3076: ArrayIndexOutOfBoundsException if argument not specified for globus-credential-delegate and globus-credential-refresh
- Bug 3077: Issues with globus-credential-delegate and globus-credential-refresh
- Bug 3412: Staging delegation host address needs to use logical host name
- Bug 3446: simple mistake in globus_delegation_client_util.c
- Bug 3955: Service must release all of its resources on deactivation
- Bug 4236: globusrun-ws and delegation server problem in HEAD
- Bug 4300: Delegation Service does not implement GetRP interface
- Bug 4769: Delegation client API should allow for explicit X509Extensions to be set
- Bug 4926: DelegationUtil's delegate() doesn't use EPRs
- Bug 5782: Delegation client util defaults to old proxy format
The following problems and limitations are known to exist for the Delegation Service at the time of the 4.2.0 release:
The Delegation Service depends on the following GT components:
- WS Authentication and Authorization
- Java WS Core
The Delegation Service depends on all third party software Java WS Core depends on.
Tested Platforms for Delegation Service:
- Windows XP
- Linux (Red Hat 7.3)
Tested Containers for Delegation Service:
- Java WS Core container
- Tomcat 5.0.30
Delegation Service has been updated to use the latest version of Java WS Core, which now supports the final version of WSRF/WSN specification. This service is not compatible with the previous stable versions, GT 4.0.x.
The Java WS Authentication and Message component has been updated to support RFC 3820 proxies by default as described here. This implies that credentials delegated in the previous stable version are incompatible with this version.
- WS-Security
- WS-Security: X.509 Certificate Tokens
- WS-Trust
- RFC 3820 Proxy Certificates
See Delegation Service for more information about this component.