27 September 2004 to 1 October 2004
Interlaken, Switzerland
Europe/Zurich timezone

The GridSite authorization system

29 Sep 2004, 15:20
20m
Brunig 3 (Interlaken, Switzerland)

Brunig 3

Interlaken, Switzerland

oral presentation Track 4 - Distributed Computing Services Grid Security

Speaker

A. McNab (UNIVERSITY OF MANCHESTER)

Description

We describe the GridSite authorization system, developed by GridPP and the EU DataGrid project for access control in High Energy Physics grid environments with distributed virtual organizations. This system provides a general toolkit of common functions, including the evaluation of access policies (in GACL or XACML), the manipulation of digital credentials (X.509, GSI Proxies or VOMS attribute certificates) and utility functions for protocols such as HTTP. GridSite also provides a set of extensions to the Apache web server to permit it to function in a Grid security environment, including access control, fileserver / webserver management and a lightweight Virtual Organization service. Using Apache as an example, we explain how Grid security can be added to an existing service using our toolkit. We then outline some of the other uses to which components have been put in the deployed Grids of GridPP, the EU DataGrid and the LHC Computing Grid.

Primary authors

A. McNab (UNIVERSITY OF MANCHESTER) S. Kaushal (UNIVERSITY OF MANCHESTER)

Presentation Materials