Andrea Ceccanti (CNAF - INFN) John White White (Helsinki Institute of Physics HIP)
The new authorization service of the gLite middleware stack is presented. In the EGEE-II project, the overall authorization study and review gave recommendations that the authorization should be rationalized throughout the middleware stack. As per the accepted recommendations, the new authorization service is designed to focus on EGEE gLite computational components: WMS, CREAM, and glexec. At the same time, the design and implementation of this system keeps in mind other service types such as data management or user portals. This paper will outline the full design for the new gLite Authorization Service which meets the requirements provided in the authorization service requirements document. At a high level this service is designed to allow authorization policies to be administered by policy authorities, evaluated locally or remotely and enforced within an application. The result of a policy evaluation includes the authorization decision and may also include the environment under which a task must execute in order to be considered authorized. This uniform chain of policy management, evaluation and choice of environment gives a large advantage over the current authorization systems present in the gLite middleware stack.
The new Authorization System builds on previous experience to give a consistent authorization decisions and a manageable environment.
|Presentation type (oral | poster)||oral|
John White White (Helsinki Institute of Physics HIP)
Alberto Forti (CNAF - INFN) Andrea Ceccanti (CNAF - INFN) Chad Lajoie (SWITCH) Christoph Witzig (SWITCH) Gerben Venekamp (NIKHEF) Joni Hahkala (Helsinki Institute of Physics HIP) Oscar Koeroo (NIKHEF) Valery Tschopp (SWITCH) Dr Vincenzo Ciaschini (INFN CNAF)