Speaker
Dr
Andrew McNab
(University of Manchester)
Description
Components of the GridSite system are used within WLCG and gLite to process security
credentials and access policies. We describe recent extensions to this system to
include the Shibboleth authentication framework of Internet2, and how the GridSite
architecture can now import a wide variety of credential types, including onetime
passcodes, X.509, GSI, VOMS, Shibboleth and OpenID and then apply a single access
policy to determine the subset of rights to be granted to particular request or
session, controlled by policies written in the GACL or XACML langauges.
Finally, we provide examples of using GridSite and Apache to host web services for
High Energy Physics grids written in C/C++/Scripts, as well as Java, and show how
this one architecture has been used for purely interactive websites such as
www.gridpp.ac.uk, for sites that are a mixture of human-generated and automated
monitoring such as the LCG GOC Database, and for web services for grids such as the
gLite WMProxy service.
| Submitted on behalf of Collaboration (ex, BaBar, ATLAS) | GridPP |
|---|
Primary author
Dr
Andrew McNab
(University of Manchester)
