- Doc Structure
- A Globus Primer
- Installing GT
- Platform Notes
- Migrating from GT2
- Migrating from GT3
- PDF version
- Best Practices
- Coding Guidelines
- API docs
- Public Interfaces
- Resource Properties
- Performance Studies
Table of Contents
The Globus Toolkit Pre-Web Services Authentication and Authorization component provides APIs and tools for authentication, authorization and certificate management.
The authentication API is built using Public Key Infrastructure (PKI) technologies, e.g. X.509 Certificates and TLS. In addition to authentication it features a delegation mechanism based upon X.509 Proxy Certificates.
Authorization support takes the form of a couple of APIs. The first provides a generic authorization API that allows callouts to perform access control based on the client's credentials (i.e. the X.509 certificate chain). The second provides a simple access control list that maps authorized remote entities to local (system) user names. The second mechanism also provides callouts that allow third parties to override the default behavior and is currently used in the Gatekeeper and GridFTP servers.
In addition to the above there are various lower level APIs and tools for managing, discovering and querying certificates .
Features new in GT 4.1.0
Other Supported Features
- Authentication of user using standard X.509 End Entity and Proxy Certificates.
- Delegation using X.509 Proxy Certificates.
- Pluggable authorization based on the client's certificate chain for GridFTPD and Pre-WS GRAM.
- Pluggable authorization for Pre-WS GRAM based on the RSL of the job.
Other than bug fixes, no changes have occurred for Pre-WS Authorization & Authentication since the last stable release, 4.0.2.
The following problems and limitations are known to exist for Pre-WS Authentication & Authorization at the time of the 4.1.0 release:
The Pre-WS Authentication and Authorization component depends on the following GT components:
- C Common Libraries
The Pre-WS Authentication and Authorization component depends on the following 3rd party software:
Protocol changes in Pre-WS Authentication and Authorization since GT 4.0.2
API changes since GT 4.0.2
Exception changes since GT 4.0.2
- Not applicable
Schema changes since GT 4.0.2
- Not applicable
Associated standards for Pre-WS Authentication & Authorization:
See Pre-WS Authentication and Authorization for more information about this component.