GT 4.0: Security

Abstract

Security tools are concerned with establishing the identity of users or services (authentication), protecting communications, and determining who is allowed to perform what actions (authorization), as well as with supporting functions such as managing user credentials and maintaining group membership information.

GT4 provides distinct WS and pre-WS authentication and authorization capabilities. Both build on the same base, namely standard X.509 end entity certificates and proxy certificates, which are used to identify persistent entities such as users and servers and to support the temporary delegation of privileges to other entities.

For more information about the security concepts behind GT4, see Security: Key Concepts.

For a comparison of features between Java and C code, see Security Features.

For firewall information, click here.

GT4’s WS security includes:

  • Message-level Security mechanisms, which implement the WS-Security standard and the WS-SecureConversation specification to provide message protection for GT4’s SOAP messages;
  • Transport-level Security mechanisms, which use transport-level security (TLS) mechanisms; and
  • an Authorization Framework that allows for a variety of authorization schemes, including a “grid-mapfile” access control list, an access control list defined by a service, a custom authorization handler, and access to an authorization service via the SAML protocol.

For non-WS components, GT4 provides similar authentication, delegation, and authorization mechanisms, although with fewer authorization options. See the following components for more information:


List of Tables

1. GT 4.0 Security Features