GT4 WS AA Authorization Framework Release Notes

1. Component Overview

The Authorization Framework component provides a framework for container-level authorization. It allows chains of authorization modules with well-defined interfaces to be associated with various entities, e.g. services, in the container. It also provides multiple authorization module implementations, ranging from support for gridmap-based authorization to a module that uses the SAML protocol to query an external service for an authorization decision.

2. Feature Summary

Features new in GT 4.0

  • A SAML callout authorization module enables outsourcing of authorization decisions to an authorization service (e.g. PERMIS).

Other Supported Features

  • Authorization based on grid-mapfile and other access control lists.
  • Ability to implement custom authorization modules.

Deprecated Features

  • None

3. Changes Summary

3.1. Authorization when no authentication is required

We no longer invoke any authorization modules when a method is invoked and the service or resource does not impose any authentication requirements on that method.

3.2. Internationalization

The authorization framework code has been internationalized.

3.3. Typo in X509_FORMAT constant in SAMLAuthorizationConstants

The typo in the above constant has been fixed. This implies that if the framework is run against an Authorization Service written using a previous version of the toolkit (one that uses this constant), the comparison will fail.

4. Bug Fixes

  • Bug 2367: No relative path for grid-mapfile in Security Descriptor.
  • Bug 3187: typo in X509_FORMAT constant in SAML Authorization constants.

5. Known Problems

None

6. Technology Dependencies

The WS Authentication and Authorization component depends on the following GT components:

  • WS Authentication and Authorization Message-Level Security

The WS Authentication and Authorization component depends on the following 3rd party software:

  • OpenSAML

7. Tested Platforms

Tested Platforms for WS Authorization Framework:

  • Linux (Red Hat 7.3)
  • Windows 2000
  • Solaris 9

8. Backward Compatibility Summary

Protocol changes in the Authorization Framework since GT 3.2

  • Addition of the SAML authorization callout

API changes since GT 3.2

  • None

Exception changes since GT 3.2

  • None

Schema changes since GT 3.2

  • None
