Security descriptors contain various security properties like credentials, the grid map file location, required authentication and authorization mechanisms and so on. There are four types of security descriptors in the code base for setting container, service, resource and client security properties:
| Descriptor Type | Functionality |
| container security descriptor | determines the container level security requirement that needs to be enforced. |
| service security descriptor | determines the service level security requirement that needs to be enforced. |
| resource security descriptor | determines the resource level security requirement that needs to be enforced. |
| client security descriptor | determines the security properties that need to be used for a particular invocation. |
The security descriptors (container, service and resource) can be created and altered programmatically (as opposed to writing a security descriptor file), as described in Configuring Security Descriptor Programmatically. For the service and container descriptors, we recommend writing a security descriptor file so that the security properties are initialized at startup.
Service and container security descriptors can be configured as XML files in the global and service deployment descriptors as shown below. Resource security descriptors can only be created dynamically, either programmatically or from a descriptor file. A client security descriptor can be configured as an XML file and set as a property on the Stub.
All security descriptor files need to comply with a defined schema and should be written within the defined namespace.
Table 1. Security descriptor schema
| Descriptor | Schema | Namespace | Root Element |
| Container security descriptor | | http://www.globus.org/security/descriptor/container | containerSecurityConfig |
| Service security descriptor | | http://www.globus.org/security/descriptor/service | serviceSecurityConfig |
| Resource security descriptor | Schema (same schema as service) | http://www.globus.org/security/descriptor/service | serviceSecurityConfig |
| Client security descriptor | | http://www.globus.org/security/descriptor/client | clientSecurityConfig |
If a security descriptor is configured to be read from a file, it is loaded as follows:
- As a file if an absolute file path is specified.
- As a resource (can be included as part of a jar file).
- As a file, assuming that the specified path is relative to the installation root, typically pointed to by the environment variable GLOBUS_LOCATION.
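A pre-deployment check built on the lookup list and Table 1 above, as an added example that is not part of the toolkit: it reports which location would supply a descriptor and whether its root element and namespace match the descriptor type. It assumes the list is tried in the order given; `resource_roots` is a hypothetical stand-in for the Java classpath, and the sample descriptor is constructed.

```python
import os
import xml.etree.ElementTree as ET

# (namespace, root element) per descriptor type, copied from Table 1.
EXPECTED = {
    "container": ("http://www.globus.org/security/descriptor/container",
                  "containerSecurityConfig"),
    "service": ("http://www.globus.org/security/descriptor/service",
                "serviceSecurityConfig"),
    "resource": ("http://www.globus.org/security/descriptor/service",
                 "serviceSecurityConfig"),
    "client": ("http://www.globus.org/security/descriptor/client",
               "clientSecurityConfig"),
}


def resolve_descriptor(path, globus_location, resource_roots=()):
    """Return (source, file) for the first location holding the descriptor.

    resource_roots is a hypothetical stand-in for the Java classpath:
    directories searched the way a resource lookup would search them.
    """
    if os.path.isabs(path):
        return ("absolute", path) if os.path.isfile(path) else (None, None)
    candidates = [("resource", os.path.join(r, path)) for r in resource_roots]
    candidates.append(("globus_location", os.path.join(globus_location, path)))
    for source, candidate in candidates:
        if os.path.isfile(candidate):
            return source, candidate
    return None, None


def check_root(xml_text, kind):
    """Return a list of problems with the descriptor's root element."""
    namespace, element = EXPECTED[kind]
    tag = ET.fromstring(xml_text).tag          # "{namespace}localname"
    found_ns, _, found_el = tag.rpartition("}")
    found_ns = found_ns.lstrip("{")
    problems = []
    if found_el != element:
        problems.append("root element is %s, expected %s" % (found_el, element))
    if found_ns != namespace:
        problems.append("namespace is %r, expected %r" % (found_ns, namespace))
    return problems


# Constructed sample: a bare root element, no real security settings.
SAMPLE = ('<serviceSecurityConfig '
          'xmlns="http://www.globus.org/security/descriptor/service"/>')
```

Under that ordering assumption, a relative path that exists both as a resource and under GLOBUS_LOCATION resolves to the resource copy, so the check is worth running against the same search locations the container will use.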
If the security descriptor file is altered at runtime, it will not be reloaded