Software Links
Getting Started
- Doc Structure
- A Globus Primer
- Quickstart
- Installing GT
- Platform Notes
- Migrating from GT2
- Migrating from GT3
Reference
- PDF version
- Best Practices
- Coding Guidelines
- API docs
- Public Interfaces
- Resource Properties
- Samples
- Glossary
- Index
- Performance Studies
Common Runtime
Security
Data Mgt
Information Svcs
Execution Mgt
Table of Contents
The Delegation Service is a new component in Globus Toolkit 4.1.0. This component provides an interface for delegation of credentials to a hosting environment. This enables a single delegated credential to be shared across multiple invocations of services on that hosting environment (e.g. it could be used for multiple GRAM job submissions or across GRAM and RFT submissions.) It also provides a means for credential renewal.
Features new in GT 4.1.0
- Added support for GetResourceProperties and QueryResourceProperties interface
Other Supported Features
- Provides an interface for the delegation and renewal of credentials to a host.
- Allows for a single delegated credential to be reused across multiple service invocations (e.g. GRAM jobs).
Deprecated Features
- None.
The following changes have occurred for Delegation Service since the last stable release, 4.0.2:
- Added support for GetResourceProperties and QueryResourceProperties interface. This allows for client to query for the lifetime of the delegated credential.
The command line client options have been changed to use options that are standard across the toolkit. Note that all features that were supported before are still supported, but some of the option names have changed.
- Bug 2973: Delegation clients have inconsistent arguments
- Bug 2978: Delegation suceeds of client does not authorize server
- Bug 3077: Issues with globus-credential-delegate and globus-credential-refresh
- Bug 3955: Service must release all of its resources on deactivation
- Bug 4300: Delegation Service does not implement GetRP interface
The following problems and limitations are known to exist for the Delegation Service at the time of the 4.1.0 release:
- Bug 3145 Persisted credentials that have expired and are never accessed are not cleaned up from disk.
The Delegation Service depends on the following GT components:
- WS Authentication and Authorization
- Java WS Core
The Delegation Service depends on the following 3rd party software:
- Apache Axis
Tested Platforms for Delegation Service
- Windows XP
- Linux (Red Hat 7.3)
Tested Containers for Delegation Service
- Java WS Core container
- Tomcat 5.0.30
- WS-Security
- WS-Security: X.509 Certificate Tokens
- WS-Trust
- RFC 3820 Proxy Certificates
See Delegation Service for more information about this component.