This section provides details about some of the features of the C and Java GSI implementations.
Table 1. GT 4.0 Security Features
Area | Supported Feature | GT4 C Code | GT4 Java Code |
---|---|---|---|
Proxy Certificate | Authentication with RFC 3820 compliant proxy certificates | Yes | Yes |
Authentication with Globus (old OID) proxy certificates | Yes | Yes | |
Authentication with legacy (GT2) proxy certificates | Available, but unsupported | Available, but unsupported | |
Delegation of proxy certificates | Yes | Yes | |
X.509 Extensions | Extended Key Usage Extension | Yes | No |
CA Support | CA Signing Policy | Yes | No |
Configurable trust roots (CA certificates) | Yes | Yes | |
Revocation | CRLs | Yes | Yes |
OCSP | No | No | |
GSSAPI | GSSAPI | Yes, refer to RFC 2744 | Yes |
GSSAPI extensions | Yes | Yes | |
Integrity protection of user data | Yes | Yes | |
Authorization | User Authorization using grid map file | Yes | Yes |
Client-side authorization of service using hostname | Yes | Yes | |
Client-side authorization of service with wildcard matching of hostnames (e.g foo matches foo-*, foo-1, foo-bar etc) | Yes | Yes | |
CAS Support | Only in GridFTP | No | |
Kerberos | Relinking with Kerberos instead of PKI | Yes (kludgey) | Theoretically as part of Java 1.4, but untested |
SOAP | SOAP independent message signing | Yes | Yes |
SOAP independent message encryption | Yes | Yes | |
Context establishment in SOAP | Yes | Yes | |
Secure SOAP dispatch headers | No | Yes |