GT 3.9.5 Security (GSI)
Security tools are concerned with establishing the identity of users or services (authentication), protecting communications, and determining who is allowed to perform what actions (authorization), as well as with supporting functions such as managing user credentials and maintaining group membership information.
GT4 provides distinct WS and pre-WS authentication and authorization capabilities. Both build on the same base, namely standard X.509 end entity certificates and proxy certificates, which are used to identify persistent entities such as users and servers and to support the temporary delegation of privileges to other entities, respectively.
GT4’s WS security comprises:
- Message-Level Security mechanisms, which implement the WS-Security standard and the WS-SecureConversation specification to provide message protection (integrity and confidentiality) for GT4's SOAP messages;
- Transport-Level Security mechanisms, which use Transport Layer Security (TLS) to protect the connection carrying the messages; and
- an Authorization Framework that allows for a variety of authorization schemes, including a "grid-mapfile" access control list, an access control list defined by a service, a custom authorization handler, and access to an authorization service via the SAML protocol.
For non-WS components, GT4 provides similar authentication, delegation, and authorization mechanisms, although with fewer authorization options.
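The grid-mapfile is the simplest of the authorization options listed above and is shared by the WS and pre-WS stacks: it is an access control list that maps an authenticated X.509 distinguished name to one or more local accounts. The following is an added illustration, not Globus Toolkit code, of how such a lookup works, including the step of reducing a legacy GSI proxy subject (issuer subject with "/CN=proxy" or "/CN=limited proxy" appended) back to the end-entity certificate's DN that the file keys on. The grid-mapfile content, DNs and account names are constructed for the example; the helper names (`parse_gridmap`, `end_entity_dn`, `authorize`) are this example's own.

```python
"""Minimal grid-mapfile lookup in the style of GSI gridmap authorization.

Added example; not part of the Globus Toolkit. Helper names are invented.
"""
import re
import shlex

# Constructed sample grid-mapfile. Real files live at /etc/grid-security/grid-mapfile
# (or wherever GRIDMAP points); these DNs and accounts are invented.
SAMPLE_GRIDMAP = """\
# grid-mapfile: one double-quoted distinguished name per line, followed by
# one or more comma-separated local accounts. '#' lines are comments.
"/C=US/O=Example Grid/OU=Users/CN=Alice Smith" alice
"/C=US/O=Example Grid/OU=Users/CN=Bob Jones" bob,bjones
"/C=US/O=Example Grid/OU=Services/CN=host/compute.example.org" globus
"""


def parse_gridmap(text):
    """Return {dn: [accounts, ...]} from grid-mapfile text.

    Blank lines and comments are skipped. A malformed entry raises rather
    than being ignored: silently dropping a line from an access control
    list is how the wrong identity ends up allowed or denied.
    """
    mapping = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # shlex keeps the double-quoted DN (which contains spaces) as one token.
        parts = shlex.split(line)
        if len(parts) != 2:
            raise ValueError(f'grid-mapfile line {lineno}: expected "DN" accounts')
        dn, accounts = parts
        accts = [a for a in accounts.split(",") if a]
        if not accts:
            raise ValueError(f"grid-mapfile line {lineno}: no local account listed")
        # A DN listed more than once accumulates its accounts, first entry first.
        existing = mapping.setdefault(dn, [])
        existing.extend(a for a in accts if a not in existing)
    return mapping


# Legacy GSI proxies append one of these CN components to the issuer's subject,
# once per delegation hop. RFC 3820 proxies use a numeric CN instead and are not
# handled by this string rewrite; with a real certificate chain you would read
# the end-entity certificate's subject directly instead of editing strings.
_PROXY_CN = re.compile(r"(/CN=(proxy|limited proxy))+$")


def end_entity_dn(subject):
    """Strip trailing legacy proxy components to recover the end-entity DN."""
    return _PROXY_CN.sub("", subject)


def authorize(gridmap, subject, requested_account=None):
    """Map an authenticated subject DN to a local account, or None to deny.

    With no requested account the first listed account is the default. If an
    account is requested it must be one the DN is mapped to; anything else,
    including a DN absent from the file, is a denial.
    """
    accounts = gridmap.get(end_entity_dn(subject))
    if not accounts:
        return None
    if requested_account is None:
        return accounts[0]
    return requested_account if requested_account in accounts else None


if __name__ == "__main__":
    gm = parse_gridmap(SAMPLE_GRIDMAP)
    for subj in (
        "/C=US/O=Example Grid/OU=Users/CN=Alice Smith/CN=proxy",
        "/C=US/O=Example Grid/OU=Users/CN=Mallory",
    ):
        print(subj, "->", authorize(gm, subj))
```

The proxy-stripping step is what lets a delegated proxy act as its owner: the mapfile never lists proxy subjects, only the persistent identity, so a request authenticated with a proxy chain is authorized under the end-entity DN. Note that a limited proxy is still mapped here; a service that must refuse limited proxies (as GT does for some operations) has to check that component before the lookup rather than discard it.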
WS Authentication & Authorization
- Community Authorization Service (CAS)
- Delegation Service
- Authorization Framework
- Message/Transport-level Security
Pre-WS Authentication & Authorization