GT4 Delegation Service Release Notes

Table of Contents

1. Component Overview
2. Feature Summary
3. Changes Summary
3.1. New command line client names
3.2. API Changes
3.3. Transport security is used by default
3.4. Internationalization
3.5. Grid map file not specified by default
4. Bug Fixes
5. Known Problems
6. Technology Dependencies
7. Tested Platforms
8. Backward Compatibility Summary
9. For More Information

1. Component Overview

The Delegation Service is a new component in Globus Toolkit 4.0. This component provides an interface for delegation of credentials to a hosting environment. This enables a single delegated credential to be shared across multiple invocations of services on that hosting environment (e.g. it could be used for multiple GRAM job submissions or across GRAM and RFT submissions.) It also provides a means for credential renewal.

2. Feature Summary

Features new in GT 4.0

  • Provides an interface for the delegation and renewal of credentials to a host.
  • Allows for a single delegated credential to be reused across multiple service invocations (e.g. GRAM jobs).

Other Supported Features

  • The Delegation Service is a new component in GT 4.0.

Deprecated Features

  • The Delegation Service is a new component in GT 4.0.

3. Changes Summary

3.1. New command line client names

The command line scripts have changed names to "globus-credential-delegate" and "globus-credential-refresh".

3.2. API Changes

  • The function getTokenFromRequest() was removed from the public API.
  • A function for delegating a credential whose lifetime is equal to that of the issuing credential was added to the DelegationUtil class.
  • Function signatures were changed to take a client security descriptor parameter.

3.3. Transport security is used by default

The transport security (HTTPS) mechanism is now assumed as the default security mechanism. Delegation service clients will now automatically use this mechanism and will fall back to GSI Secure Message if pointed at an HTTP endpoint.

3.4. Internationalization

The delegation service has been internationalized.

3.5. Grid map file not specified by default

Delegation service is not configured with a grid map file location by default.

4. Bug Fixes

  • File permissions for persisted delegated credentials are now set before writing the credentials to disk.
  • Bug 2537: globus-credential-delegate should honor -help
  • Bug 2581: NPE in DelegationResource
  • Bug 2575: ConcurrentModificationException
  • Bug 2964: Command line option "-m" in delegate client
  • Bug 2966: Command line option "-d" in delegate client
  • Bug 3076: ArrayOutOBounds in delegate client when no argument is passed

5. Known Problems

  • Persisted credentials that have expired and are never accessed are not cleaned up from disk. Bug 3145.
  • Inconsistency in delegation client command line arguments. Bug 3077 and Bug 2973.

6. Technology Dependencies

The Delegation Service depends on the following GT components:

  • WS Authentication and Authorization
  • Java WS Core

The Delegation Service depends on the following 3rd party software:

  • Apache Axis

7. Tested Platforms

Tested Platforms for Delegation Service

  • Windows XP
  • Linux (Red Hat 7.3)

Tested Containers for Delegation Service

  • Java WS Core container
  • Tomcat 5.0.30

8. Backward Compatibility Summary

The Delegation Service is a new component in GT 4.0

9. For More Information

Click here for more information about this component.