Speaker
A. McNab
(UNIVERSITY OF MANCHESTER)
Description
We describe the GridSite authorization system, developed by GridPP and the
EU DataGrid project for access control in High Energy Physics grid
environments with distributed virtual organizations. This system provides a
general toolkit of common functions, including the evaluation of access
policies (in GACL or XACML), the manipulation of digital credentials
(X.509, GSI Proxies or VOMS attribute certificates) and utility functions
for protocols such as HTTP.
GridSite also provides a set of extensions
to the Apache web server to permit it to function in a Grid security
environment, including access control, fileserver / webserver management and
a lightweight Virtual Organization service.
Using Apache as an example, we explain how Grid security can be
added to an existing service using our toolkit. We then outline some of the
other uses to which components have been put in the deployed Grids of GridPP, the EU
DataGrid and the LHC Computing Grid.
Primary authors
A. McNab
(UNIVERSITY OF MANCHESTER)
S. Kaushal
(UNIVERSITY OF MANCHESTER)
