Speaker
G. GANIS
(CERN)
Description
The new authentication and security services available in the ROOT framework
for client/server applications will be described.
The authentication scheme has been designed to make the system complete
and flexible, to fit the needs of the coming clusters and facilities.
Three authentication methods have been made available: Globus/GSI,
for GRID-awareness; SSH, to allow the use of a secure and very popular
protocol; and a fast identification method for intrinsically secure situations.
A mechanism for server access control has been implemented, allowing
authorization schemes to be modeled according to the needs.
A lightweight mechanism for client/server method negotiation has been
introduced, to adapt to heterogeneous situations.
The forwarding of the authentication credentials in the PROOF system has been
fully automated.
The modularity of the code has been improved to ease maintenance and reuse
in new ROOT modules. In particular, a plug-in library for the new Xrootd file
server daemon has been designed and implemented.
Authentication support has been extended to the main socket server
class, allowing a ROOT interactive session to run as a full-featured daemon.
Security services have also been added to ROOT. The exchange of sensitive
information, e.g. passwords, has been secured.
New socket classes supporting SSL-secured connections have been provided for
encryption of all the information exchanged with the remote host.
Primary author
G. GANIS
(CERN)