Table of Contents
The Authorization Framework component provides a framework for container level authorization. It allows chains of authorization modules with well defined interfaces to be associated with various entities, e.g. services, in the container. It also provides multiple different authorization module implementations, ranging from support for gridmap based authorization to a module that uses the SAML protocol to query a external service for an authorization decision.
Features new in GT 4.0
- A SAML callout authorization module enables outsourcing of authorization decisions to an authorization service (e.g. PERMIS).
Other Supported Features
- Authorization based on
grid-mapfile
and other access control lists. - Ability to implement custom authorization modules.
Deprecated Features
- None
We no longer invoke any authorization modules when a method is invoked and the service or resource does not impose any authentication requirements on said method.
The WS Authentication and Authorization component depends on the following GT components:
- WS Authentication and Authorization Message-Level Security
The WS Authentication and Authorization component depends on the following 3rd party software:
- OpenSAML
Tested Platforms for WS Authorization Framework:
- Linux (Red Hat 7.3)
- Windows 2000
- Solaris 9
Protocol changes in the Authorization Framework since GT 3.2
- Addition of the SAML authorization callout
API changes since GT 3.2
- None
Exception changes since GT 3.2
- None
Schema changes since GT 3.2
- None
Click here for more information about this component.