GT 3.9.4 Authorization Framework: Developer's Guide

Introduction

The authorization framework enforces a configured authorization policy on the service and client side. Developers can configure a chain of authorization mechanisms either programmatically or declaratively, using security descriptors. New authorization schemes can also be plugged in, in addition to those provided with the framework. Moreover, this configuration can be done at the resource, service or container level, each taking precedence in the order specified and scoped as the name suggests.

Architecture and design overview

[link to architecture and design docs]

Public interface

The semantics and syntax of the APIs and WSDL for the component, along with descriptions of domain-specific structured interface data, can be found in the public interface guide.

Usage scenarios

Authorization information can be configured through the programmatic interface, which is described in detail in these two sections of the Security Descriptor document: a) Programmatic altering of descriptors and b) Resource Security Descriptor.

If the authorization framework is set on either service or container level and is using one of the schemes that are distributed with the toolkit, it is recommended that declarative configuration using security descriptor files be used.

Tutorials

[add links to any tutorials - if no tutorials, say "There are no tutorials available at this time"]

Feature summary

Features new in release 3.9.4

  • SAML callout enables outsourcing of authorization decisions to an authorization service (e.g. PERMIS)

Other Supported Features

  • Authorization based on grid-mapfile and other access control lists
  • Ability to implement custom authorization modules

Deprecated Features

  • None

Tested platforms

Tested Platforms for WS Authorization Framework:

  • Linux (Red Hat 7.3)
  • Windows 2000
  • Solaris 9

Backward compatibility summary

Protocol changes in the Authorization Framework since GT version 3.2

  • Addition of the SAML authorization callout

API changes since GT version 3.2

  • None

Exception changes since GT version 3.2

  • None

Schema changes since GT version 3.2

  • None

Technology dependencies

The WS Authentication and Authorization component depends on the following GT components:

  • WS Authentication and Authorization Message-Level Security

The WS Authentication and Authorization component depends on the following third-party software:

  • OpenSAML

Security considerations

[describe security considerations relevant for this component]

Troubleshooting

[help for common problems developers may experience]

Related Documentation

[could link to pdfs and whitepapers about protocols, etc re: the component]