Speaker
Gerardo GANIS
(CERN)
Description
XrdSec is the security framework developed in the context of the XROOTD project. It
provides a high-level abstract security interface for client-server applications.
Concrete implementations of the interface can be written for any security protocol as
plugin libraries, where all technical details about the protocol are confined.
Clients and server administrators can configure the system behaviour using
environment variables and/or configurations files. The framework naturally provides
server access control and simple client/server negotiation. The result of successful
handshake is a security context object containing the session-key and providing an
API for encryption/decryption over the open channel. XrdSec is written in C++ and can
be easily integrated in any client-server application. In this paper we will describe
the underlying architecture, the protocol plugins currently available
(password-based, Kerberos, GSI) and a few examples of usage, like a simple
client-server application and the integration in ROOT.
Primary authors
Andrew Hanushevsky
(SLAC)
Gerardo GANIS
(CERN)