Software Links
Getting Started
- Doc Structure
- A Globus Primer
- Globus Is Modular!
- Quickstart
- Installing GT
- Platform Notes
- GT Developer's Guide
- GT User's Guide (coming soon)
- Migrating from GT2
- Migrating from GT3
Reference
- Best Practices
- Coding Guidelines
- API docs
- Public Interfaces (coming soon)
- Resource Properties
- Samples
- Glossary
- Performance Studies (coming soon)
Manuals
Common Runtime
Security
- Non-WS (General) Security
- WS Java Security
- Message-level
- Authz Framework
- CAS
- Delegation Service
- MyProxy
- GSI-OpenSSH
- SimpleCA
- SGAS
Data Mgt
MDS4
Execution Mgt
Table of Contents
Features in GT 4.1.3 WS RLS
- Initial implementation of the WS RLS, which provides a Web services interface to the existing RLS.
- WS-ReplicaLocationCatalog: WSDL-defined interface for performing LRC operations, including creating/adding/deleting mappings, defining/undefining attribute definitions, and creating/modifying/removing attributes. The interface also defines a conceptual set of WS-ResourceProperties based upon which queries may be performed.
- A simple query dialect which may be used to form expressions to be used to query the WS-RLS based on logical/target names and attributes.
- WS-ReplicaLocationIndex: WSDL-defined interface for performing RLI operations. Since the RLI is used as a read-only query interface (querying the index of logical name entries), the WSDL defines domain specific operations. The operation of interest is the standard QueryResourceProperties.
Protocol changes since GT 4.0.5
- None.
API changes since GT 4.0.5
- None.
Exception changes since GT 4.0.5
- None.
Schema changes since GT 4.0.5
- None.
WS RLS depends on the following GT components:
- Java WS Core
- WS Authentication and Authorization
- Replica Location Service (RLS)
WS RLS depends on the following 3rd party software:
- None
Security recommendations include:
The following paragraph describes our INITIAL IMPLEMENTATION in this first look of the WS RLS interface -- THIS IS NOT INTENDED TO BE A FINAL SOLUTION.
Users of the WS RLS authenticate themselves to the WS RLS in the usual manner based on their credential. The WS RLS uses the WSAA and Authorization Framework to make authorization decisions. Then, the WS RLS uses a single certificate and key file to identify itself to the RLS irregardless of the user accessing the WS RLS. Thus users that can access the WS RLS are given the fixed WS RLS identity to access the RLS. Users accustomed to using RLS may not feel comfortable with this approach -- if it may be an issue for your environment, we suggest that you not use it with your production RLS. If you think of WS RLS as the gating interface to the RLS, as you should, then you should apply the appropriate authorization restrictions at the WS RLS level, which can be done using WSAA. This will in effect achieve a level of authorization similar to that of the RLS.