Home -> Toolkit -> Docs -> Development -> 3.9.5 -> Security -> Prewsaa -> Developer

GT 3.9.5 Pre-WS Authentication & Authorization: Developer's Guide

• Introduction
• Architecture and design overview
• Public interface
• Usage scenarios
• Tutorials
• Feature summary
• Tested platforms
• Backward compatibility summary
• Technology dependencies
• Security considerations
• Debugging
• Troubleshooting
• Related Documentation

Introduction

This component provides a API for authentication and two APIs for authorization.

The authentication API is a implementation of the GSS-API (RFC 2743 and RFC 2744) extended with functions described in the GSS-API Extensions document.

On the authorization front there is a coarse grained API, which in addition to authorizing also provides a mapping function, and a API that allows for finer grained authorization decisions to be made. The finer grained API follows the subject, object, action paradigm.

Both of the authorization APIs allow different backend implementations through the use of dynamic libary loading.

Architecture and design overview

[link to architecture and design docs]

Public interface

The semantics and syntax of the APIs and WSDL for the component, along with descriptions of domain-specific structured interface data, can be found in the public interface guide.

Usage scenarios

[describe how to use the programatic interfaces of the component, provide examples]

Tutorials

There are no tutorials available at this time

Feature summary

Features new in release 3.9.5

• None

Other Supported Features

• Authentication of user using standard X.509 End Entity and Proxy Certificates
• Delegation using X.509 Proxy Certificates
• Allow authorization based on client certificate chain for GridFTPD and Pre-WS GRAM
• Allow authorization for Pre-WS GRAM based on RSL of job

Deprecated Features

• None

Tested platforms

Tested platforms for Pre-WS Authentication & Authorization:

• i386 Linux

Backward compatibility summary

Protocol changes in Pre-WS Authentication and Authorization since GT version 3.2

• None

API changes since GT version 3.2

• None

Exception changes since GT version 3.2

• Not applicable

Schema changes since GT version 3.2

• Not applicable

Technology dependencies

The Pre-WS Authentication and Authorization component depends on the following GT components:

• C Common Libraries

The Pre-WS Authentication and Authorization component depends on the following 3rd party software:

• OpenSSL

Security considerations

[describe security considerations relevant for this component]

Debugging

[information on standard debugging]

Troubleshooting

[help for common problems developers may experience]

Related Documentation

• RFC 3820 Proxy Certificates
• RFC 2744 GSSAPI: C-bindings
• RFC 2743 GSSAPI
• RFC 2246 TLS
• Grid Security Infrastructure Message Specification