Home -> Toolkit -> Docs -> Development -> 3.9.3 -> Security -> Prewsaa

GT 3.9.3 Development Release Notes for Pre-WS Authentication & Authorization

• Component Overview
• Feature Summary
• Bug Fixes
• Known Problems
• Technology Dependencies
• Supported Platforms
• Backward Compatibility Summary
• For More Information

Component Overview

The Globus Toolkit Pre-Web Services Authentication and Authorization component allows for the authentication of users and services using X.509 End Entity certificates as well as allow for delegation using X.509 Proxy Certificates. The authorization callouts enable the ability to perform access control based on the client credentials (i.e. the X.509 certificate chain), customize gridmap lookup (currently available in the Gatekeeper and GridFTP servers), and perform fine-grained authorization in the GRAM Jobmanager.

Feature Summary

Features new in release 3.9.3

• None

Other Supported Features

• Authentication of user using standard X.509 End Entity and Proxy Certificates
• Delegation using X.509 Proxy Certificates
• Allow authorization based on client certificate chain for GridFTPD and Pre-WS GRAM
• Allow authorization for Pre-WS GRAM based on RSL of job

Deprecated Features

• None

Bug Fixes

• Bugzilla Bug 1217 gss_export_name() does not conform to RFC 2743 section 3.2
• Bugzilla Bug 1334 request for more strict format checking in grid-mapfile-check-consistency
• Bugzilla Bug 1740 Implicit module activiation
• Bugzilla Bug 1802 accept_sec_context doesn't set LIMITED_PROXY_FLAG for GSI_3_LIMITED_PROXY
• Bugzilla Bug 1847 grid-cert-request with both /etc/grid-security and $GL/share/certificates
• Bugzilla Bug 1854 grid-cert-info help message is missing a word

Known Problems

• Bugzilla Bug 1239 grid grants access even though local account is locked
• Bugzilla Bug 1695 gpt-verify vs. globus_trusted_ca_42864e48_setup
• Bugzilla Bug 1753 bug 318 resolution opens door to spoofing ?
• Bugzilla Bug 1927 authz linking problems on Mac OS X

Technology Dependencies

The Pre-WS Authentication and Authorization component depends on the following GT components:

• C Common Libraries

The Pre-WS Authentication and Authorization component depends on the following 3rd party software:

• OpenSSL

Tested Platforms

Tested platforms for Pre-WS Authentication & Authorization:

• i386 Linux

Backward Compatibility Summary

Protocol changes in Pre-WS Authentication and Authorization since GT version 3.2

• None

API changes since GT version 3.2

• None

Exception changes since GT version 3.2

• Not applicable

Schema changes since GT version 3.2

• Not applicable

For More Information

Click here for more information about this component.