The Authorization Framework component provides a framework for container-level authorization. It allows chains of authorization modules with well-defined interfaces to be associated with various entities, e.g. services, in the container. It also provides multiple authorization module implementations, ranging from support for gridmap-based authorization to a module that uses the SAML protocol to query an external service for an authorization decision.
Features new in GT 4.0
- A SAML callout authorization module enables outsourcing of authorization decisions to an authorization service (e.g. PERMIS).
Other Supported Features
- Authorization based on grid-mapfile and other access control lists.
- Ability to implement custom authorization modules.
Deprecated Features
- None
Usability improvements for WS Authentication and Authorization Framework:
- Allow for specifying the grid map file location relative to the current directory or GLOBUS_LOCATION in the security descriptor.
- Provide logging output in the form of warning messages when any authorization scheme in the authorization chain denies access.
Protocol changes in the Authorization Framework since GT 3.2
- Addition of the SAML authorization callout
API changes since GT 3.2
- None
Exception changes since GT 3.2
- None
Schema changes since GT 3.2
- None
The WS Authentication and Authorization component depends on the following GT components:
- WS Authentication and Authorization Message-Level Security
The WS Authentication and Authorization component depends on the following 3rd party software:
- OpenSAML
Tested Platforms for WS Authorization Framework:
- Linux (Red Hat 7.3)
- Windows 2000
- Solaris 9
Associated standards for WS Authentication and Authorization Framework: