A. McNab (University of Manchester)
We describe the GridSite authorization system, developed by GridPP and the EU DataGrid project for access control in High Energy Physics grid environments with distributed virtual organizations. This system provides a general toolkit of common functions, including the evaluation of access policies (in GACL or XACML), the manipulation of digital credentials (X.509, GSI Proxies or VOMS attribute certificates) and utility functions for protocols such as HTTP. GridSite also provides a set of extensions to the Apache web server to permit it to function in a Grid security environment, including access control, fileserver / webserver management and a lightweight Virtual Organization service. Using Apache as an example, we explain how Grid security can be added to an existing service using our toolkit. We then outline some of the other uses to which components have been put in the deployed Grids of GridPP, the EU DataGrid and the LHC Computing Grid.