Glossary

C

Certificate Authority (CA)

An entity that issues certificates.

CA Certificate

The CA's certificate. This certificate is used to verify the signature on certificates issued by the CA. GSI typically stores a given CA certificate in /etc/grid-security/certificates/<hash>.0, where <hash> is the hash code of the CA identity.

CA Signing Policy

The CA signing policy is used to place constraints on the information you trust a given CA to bind to public keys. Specifically, it constrains the identities a CA is trusted to assert in a certificate. In GSI, the signing policy for a given CA can typically be found in /etc/grid-security/certificates/<hash>.signing_policy, where <hash> is the hash code of the CA identity.

E

End Entity Certificate (EEC)

A certificate belonging to a non-CA entity, e.g. you, me or the computer on your desk.

G

GAA configuration file

A file that configures the Generic Authorization and Access control (GAA) libraries. When using GSI, this file is typically found in /etc/grid-security/gsi-gaa.conf.

grid map file

A file containing entries mapping certificate subjects to local user names. This file can also serve as an access control list for GSI-enabled services and is typically found in /etc/grid-security/grid-mapfile. For more information see the [Gridmap file in Pre-WS Authorization & Authentication Developer's Guide ("Environmental Variables" section)].

grid security directory

The directory containing GSI configuration files such as the GSI authorization callout configuration and GAA configuration files. Typically this directory is /etc/grid-security. For more information see [Grid security directory in Pre-WS Authorization & Authentication Developer's Guide ("Environmental Variables" section)].

GSI authorization callout configuration file

A file that configures authorization callouts to be used for mapping and authorization in GSI-enabled services. When using GSI, this file is typically found in /etc/grid-security/gsi-authz.conf.

H

host certificate

An EEC belonging to a host. When using GSI, this certificate is typically stored in /etc/grid-security/hostcert.pem. For more information on possible host certificate locations see the [Pre-WS Authentication & Authorization Developer's Guide ("Environmental Variables" section) on Credentials].

host credentials

The combination of a host certificate and its corresponding private key.

P

private key

The private part of a key pair. Depending on the type of certificate the key corresponds to, it is typically found in $HOME/.globus/userkey.pem (for user certificates), /etc/grid-security/hostkey.pem (for host certificates) or /etc/grid-security/<service>/<service>key.pem (for service certificates).

For more information on possible private key locations see [Credentials in the Pre-WS Authentication & Authorization Developer's Guide ("Environmental Variables" section)].

proxy certificate

A short-lived certificate issued using an EEC. A proxy certificate typically has the same effective subject as the EEC that issued it and can thus be used in its place. GSI uses proxy certificates for single sign-on and delegation of rights to other entities.

For more information about types of proxy certificates and their compatibility in different versions of GT, see http://dev.globus.org/wiki/Security/ProxyCertTypes.

proxy credentials

The combination of a proxy certificate and its corresponding private key. GSI typically stores proxy credentials in /tmp/x509up_u<uid>, where <uid> is the user id of the proxy owner.

S

service certificate

An EEC for a specific service (e.g. FTP or LDAP). When using GSI, this certificate is typically stored in /etc/grid-security/<service>/<service>cert.pem. For more information on possible service certificate locations, see [Credentials in the Pre-WS Authentication & Authorization Developer's Guide ("Environmental Variables" section)].

service credentials

The combination of a service certificate and its corresponding private key.

T

trusted CAs directory

The directory containing the CA certificates and signing policy files of the CAs trusted by GSI. Typically this directory is /etc/grid-security/certificates. For more information see Grid security directory in the [Pre-WS A&A Developer's Guide ("Environmental Variables" section)].

U

user certificate

An EEC belonging to a user. When using GSI, this certificate is typically stored in $HOME/.globus/usercert.pem. For more information on possible user certificate locations, see [Credentials in the Pre-WS A&A Developer's Guide ("Environmental Variables" section)].

user credentials

The combination of a user certificate and its corresponding private key.