Security tools are concerned with establishing the identity of users and/or services (authentication), protecting the integrity and privacy of communications (message protection), determining and enforcing who is allowed to perform what actions on what resources (authorization), and providing (secure) logs to verify that the correct policy is enforced (accounting, which allows for auditing of policy compliance). They also include supporting functions such as managing user credentials, maintaining group membership information, and administering access rights.
GT5 provides distinct WS and non-WS authentication and authorization capabilities. Both build on the same base, namely the standard X.509 end-entity and proxy certificates, which are used to identify persistent entities such as users and servers and to support the temporary delegation of privileges to other entities. Note that you can find information about the non-WS authentication and authorization capabilities under the GSI documentation (below).
- Security Key Concepts
- Grid Security Infrastructure (GSI)
- Security Services
- Run your own Certificate Authority (CA)
- Utilities

| If you want to: | see: |
|---|---|
| Install and configure GSI Security | |
| Obtain certificates | Obtaining host certificates |
| Add authorization with a gridmap file | Section 3, “Add authorization”, Section 4, “Configuring Credential Mappings” and Globus Toolkit Gridmap Processing |
| Use firewalls with GSI | Firewall HowTo |
| Learn about the types of proxy certificates used in GT | Proxy Cert Types |
| Manage proxy certificates, use security for non-WS components | User's Guide |
| Manage credentials by storing proxies in a repository | MyProxy |
| Run your own simple Certificate Authority (CA) | SimpleCA |
| Use a single-signon remote login | GSI-OpenSSH |