GT 3.9.5 Delegation Service: User's Guide
Introduction
The delegation service can be used to delegate credentials and to furnish the Endpoint Reference (EPR) of the delegated credential to the services that the user wants to delegate rights to.
Command-line tools
Two command line clients are available as a part of this component:
globus-credential-delegate
Tool description
Used to contact the delegation service and store a delegated credential. A delegated credential is created and stored in a delegation service, and the Endpoint Reference (EPR) of the credential is written out to a file for further use.
Command syntax
globus-credential-delegate [options]
where options can be:
-h <host> | Host on which the delegation factory service is running. Defaults to localhost.
-p <port> | Port on which the delegation factory service is running. Defaults to 8080.
-c <credFile> | Filename to read the credential from. If not specified, the default proxy location is used.
-l <lifetime> | Lifetime for the created delegated credentials, specified in seconds. Defaults to 12 hours.
-d <true/false> | If set to "true", full delegation is done; if set to "false", limited delegation is done. Defaults to limited delegation.
-m <security mechanism> | Sets the security mechanism type. If set to 'msg', Secure Message is used; if set to 'conv', Secure Conversation is used; if set to 'trans', Secure Transport is used. Defaults to Secure Transport.
-n <protection type> | Sets the protection type. If set to 'sig', signature is used; if set to 'enc', encryption is used. Defaults to signature.
-a <authz> | Type of client authorization to use. If set to "none", no authorization is done; if set to "host", host authorization is done; if set to "self", self authorization is done; otherwise the string specified is used as the expected identity. Defaults to host authorization.
-o <filename> | Filename to write out the EPR of the delegated credential.
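The following wrapper is an added example, not part of the Globus Toolkit or of the original guide. It uses only the options listed above to request a limited, short-lived delegation and refuses an invocation that would turn authorization off; the names safe_delegate, DELEGATE_BIN and MAX_LIFETIME, and the lifetime cap itself, are assumptions made for illustration.

```shell
# Added example, not Globus code. safe_delegate, DELEGATE_BIN and MAX_LIFETIME
# are hypothetical names; the flags are the ones in the option table above.
MAX_LIFETIME=43200   # assumed local policy cap in seconds (the 12-hour default)

# safe_delegate <host> <port> <lifetime-seconds> <authz> <epr-file>
safe_delegate() {
    d_host=$1 d_port=$2 d_life=$3 d_authz=$4 d_epr=$5

    # Host and EPR output file must be given explicitly.
    if [ -z "$d_host" ] || [ -z "$d_epr" ]; then
        echo "host and EPR file are required" >&2; return 1
    fi
    # Port must be a plain decimal number.
    case $d_port in ''|*[!0-9]*) echo "bad port: $d_port" >&2; return 1 ;; esac
    # Lifetime must be 1-9 decimal digits, so the numeric test cannot overflow.
    case $d_life in
        ''|*[!0-9]*|??????????*) echo "bad lifetime: $d_life" >&2; return 1 ;;
    esac
    if [ "$d_life" -lt 1 ] || [ "$d_life" -gt "$MAX_LIFETIME" ]; then
        echo "lifetime must be 1..$MAX_LIFETIME seconds" >&2; return 1
    fi
    # With "-a none" no authorization is done, so it is rejected here.
    # "host", "self" or an expected identity string pass through.
    case $d_authz in
        ''|none) echo "refusing authorization type '$d_authz'" >&2; return 1 ;;
    esac

    # -d false (limited delegation) and -m trans (Secure Transport) are the
    # documented defaults; they are passed explicitly so that the command
    # line records the intent.
    "${DELEGATE_BIN:-globus-credential-delegate}" \
        -h "$d_host" -p "$d_port" -l "$d_life" \
        -d false -m trans -a "$d_authz" -o "$d_epr"
}
```

A call such as `safe_delegate gridhost.example.org 8443 3600 host cred.epr` (constructed host and file names) then runs the real tool with a one-hour limited delegation.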
globus-credential-refresh
Tool description
Used to refresh the delegated credential pointed to by the specified EPR. A new credential is generated and the one in the delegation service is overwritten.
Command syntax
globus-credential-refresh [options]
where options can be:
-c <credFile> | Filename to read the credential from. If not specified, the default proxy location is used.
-l <lifetime> | Lifetime for the created delegated credentials, specified in seconds. Defaults to 12 hours.
-d <true/false> | If set to "true", full delegation is done; if set to "false", limited delegation is done. Defaults to limited delegation.
-m <security mechanism> | Sets the security mechanism type. If set to 'msg', Secure Message is used; if set to 'conv', Secure Conversation is used; if set to 'trans', Secure Transport is used. Defaults to Secure Transport.
-n <protection type> | Sets the protection type. If set to 'sig', signature is used; if set to 'enc', encryption is used. Defaults to signature.
-a <authz> | Type of client authorization to use. If set to "none", no authorization is done; if set to "host", host authorization is done; if set to "self", self authorization is done; otherwise the string specified is used as the expected identity. Defaults to host authorization.
-e <filename> | Filename to read the EPR of the delegated credential from. Defaults to "delegatedCredEPR".
Graphical user interfaces
There is no GUI for the Delegation Service.
Troubleshooting
[user-friendly help on common problems they may encounter]