Speakers
Andrea Ceccanti
(CNAF - INFN)
John White White
(Helsinki Institute of Physics HIP)
Description
The new authorization service of the gLite middleware stack is presented.
In the EGEE-II project, the overall authorization study and review gave
recommendations that the authorization should be rationalized throughout
the middleware stack. As per the accepted recommendations, the new
authorization service is designed to focus on EGEE gLite computational
components: WMS, CREAM, and glexec. At the same time, the design and
implementation of this system keeps in mind other service types such as
data management or user portals.
This paper will outline the full design for the new gLite Authorization
Service which meets the requirements provided in the authorization service
requirements document. At a high level this service is designed to allow
authorization policies to be administered by policy authorities, evaluated
locally or remotely and enforced within an application. The result of a
policy evaluation includes the authorization decision and may also include
the environment under which a task must execute in order to be considered
authorized. This uniform chain of policy management, evaluation and choice
of environment gives a large advantage over the current authorization
systems present in the gLite middleware stack.
Summary
The new Authorization System builds on previous experience to give a consistent authorization decisions and a manageable environment.
| Presentation type (oral | poster) | oral |
|---|
Primary author
John White White
(Helsinki Institute of Physics HIP)
Co-authors
Alberto Forti
(CNAF - INFN)
Andrea Ceccanti
(CNAF - INFN)
Chad Lajoie
(SWITCH)
Christoph Witzig
(SWITCH)
Gerben Venekamp
(NIKHEF)
Joni Hahkala
(Helsinki Institute of Physics HIP)
Oscar Koeroo
(NIKHEF)
Valery Tschopp
(SWITCH)
Dr
Vincenzo Ciaschini
(INFN CNAF)
