GT 3.9.5 MyProxy: Developer's Guide
- Introduction
- Architecture and design overview
- Public interface
- Usage scenarios
- Tutorials
- Feature summary
- Tested platforms
- Backward compatibility summary
- Technology dependencies
- Security considerations
- Debugging
- Troubleshooting
- Related Documentation
Introduction
We recommend using the CoG Kits when developing with MyProxy.
Architecture and design overview
The MyProxy system architecture and design is described in the following two publications:
- J. Basney, M. Humphrey, and V. Welch. The MyProxy Online Credential Repository. Software: Practice and Experience, 2005.
- J. Novotny, S. Tuecke, and V. Welch. An Online Credential Repository for the Grid: MyProxy. Proceedings of the Tenth International Symposium on High Performance Distributed Computing (HPDC-10), IEEE Press, August 2001.
Public interface
The semantics and syntax of the APIs and WSDL for the component, along with descriptions of domain-specific structured interface data, can be found in the public interface guide.
Usage scenarios
MyProxy provides a solution for delegating credentials to Grid portals to allow the portal to authenticate to Grid services on the user's behalf. A Grid portal is a web server that provides an interface to Grid services, allowing users to submit compute jobs, transfer files, and query Grid information services from a standard web browser. For example:
- The Open Grid Computing Environment (OGCE) collaboratory provides software for building grid computing portals using MyProxy.
- The GridSphere credential manager portlet supports MyProxy.
- The Grid Portal Toolkit interfaces with MyProxy using the Perl CoG Kit.
- The Extreme! Computing Lab's Proxy Manager Xportlet interfaces with MyProxy.
Tutorials
There are no tutorials available at this time.
Feature summary
Features new in release 3.9.5
- This is the first Globus Toolkit release that includes MyProxy.
Other Supported Features
- Users can store and retrieve multiple X.509 proxy credentials.
- Administrators can load the repository with X.509 end-entity credentials.
- The
myproxy-admin-addusercommand integrates MyProxy with SimpleCA to create user credentials and load them into the MyProxy repository. - Users and administrators can set access control policies on the credentials in the repository.
- If allowed by policy, job managers (such as Condor-G) can renew credentials before they expire.
- The MyProxy server enforces local site passphrase policies using a configurable external call-out.
Deprecated Features
- None
Tested platforms
Tested Platforms for MyProxy
- Mac OS X 10.3
- i686 GNU/Linux
- ia64 GNU/Linux
Backward compatibility summary
Protocol changes since GT version 3.2
- MyProxy was not included in GT 3.2.
API changes since GT version 3.2
- MyProxy was not included in GT 3.2.
Exception changes since GT version 3.2
- Not applicable
Schema changes since GT version 3.2
- Not applicable
Technology dependencies
MyProxy depends on the following GT component:
- Pre-WS Authentication and Authorization
MyProxy depends on the following 3rd party software:
- None
Security considerations
You should choose a well-protected host to run the myproxy-server on. Consult with security-aware personnel at your site. You want a host that is secured to the level of a Kerberos KDC, that has limited user access, runs limited services, and is well monitored and maintained in terms of security patches.
For a typical myproxy-server installation, the host on which the myproxy-server is running must have /etc/grid-security created and a host certificate installed. In this case, the myproxy-server will run as root so it can access the host certificate and key.
Debugging
Please refer to the Testing section of the Admin Guide and the Troubleshooting section of the User's Guide for debugging information.
Troubleshooting
Please refer to the Troubleshooting section of the User's Guide.
Related Documentation
For additional information about MyProxy, see the MyProxy Project Home Page at NCSA.