27 September 2004 to 1 October 2004
Interlaken, Switzerland
Europe/Zurich timezone

Authentication/Security services in the ROOT framework

29 Sep 2004, 16:50
oral presentation
Track 4 - Distributed Computing Services
Grid Security




The new authentication and security services available in the ROOT framework for client/server applications will be described. The authentication scheme has been designed to be complete and flexible, to fit the needs of the coming clusters and facilities. Three authentication methods have been made available: Globus/GSI, for GRID-awareness; SSH, to allow the use of a secure and very popular protocol; and a fast identification method for intrinsically secure situations. A mechanism for server access control has been implemented, so that authorization schemes can be modeled according to need. A lightweight mechanism for client/server method negotiation has been introduced to adapt to heterogeneous situations. The forwarding of authentication credentials in the PROOF system has been fully automated. The modularity of the code has been improved to ease maintenance and reuse in new ROOT modules. In particular, a plug-in library for the new Xrootd file server daemon has been designed and implemented. Authentication support has been extended to the main socket server class, which allows a ROOT interactive session to run as a full-featured daemon. Security services have also been added to ROOT. The exchange of sensitive information, e.g. passwords, has been secured. New socket classes supporting SSL-secured connections have been provided for encryption of all the information exchanged with the remote host.

