6b49bdca00f810d734ae98306fc9b2c0.ppt
- Number of slides: 6
ShibVomGSite by Joseph Olufemi Dada & Andrew McNab, School of Physics & Astronomy, The University of Manchester, England, UK

Introduction
• ShibVomGSite is a framework for the integration of Shibboleth, VOMS and GridSite
• It is a sub-project under the GridSite project funded by GridPP & PPARC
• Presented at the last shibgrid BoF as the Shibboleth and GridSite Integration Project
• GridSite was initially developed for managing and formatting the content of GridPP websites
• GridSite authentication and authorization/access control are based on X.509 certificates and GACL

Motivation/Use Cases
• Eliminate the need for users to install a certificate on every computer before using GridSite resources
• Access any GridSite resource with a single username/password
• Attribute-based authorization to GridSite
• VOMS as attribute repository to Shibboleth

ShibVomGSite Components
MyIdentity Service
• Carries out authentication of users using certificates
• Issues a time-limited username and password to users
• Binds the username/password to the user's DN and CA's DN in a database
Voms Attribute Service for Grid/GridSite and Shibboleth (VASGS)
• Consists of the VASGS-VOMAttribute Web Service, which resides with the VOMS server, and the VASGS-Connector PlugIn for IdP connection to the VASGS Web Service
GridSite Authorization Module for Shibboleth and Apache Server (GAMAS)
• It interfaces with the SP and Apache Server to carry out authorization of users based on the user's attributes
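
The MyIdentity binding described above, modelled as an added example (not code from the ShibVomGSite project or its authors): a credential is issued after certificate authentication, stored against the user's DN and CA's DN, and resolved back to those DNs only while it is still valid. Assumptions: the class and method names, the PBKDF2 storage, the lifetime value and the sample DNs are all constructed for illustration.

```python
import hashlib, hmac, secrets, time

class MyIdentityStore:
    """Hypothetical model of the username/password-to-DN binding."""

    def __init__(self, lifetime_s=12 * 3600, clock=time.time):
        self._rows = {}              # stands in for the database
        self._lifetime = lifetime_s  # assumed validity period
        self._clock = clock

    @staticmethod
    def _kdf(password, salt):
        # Store a salted, slow hash rather than the password itself.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def issue(self, user_dn, ca_dn):
        """Call only after the user has authenticated with a certificate."""
        username = "u-" + secrets.token_hex(8)
        password = secrets.token_urlsafe(18)
        salt = secrets.token_bytes(16)
        self._rows[username] = {
            "salt": salt, "hash": self._kdf(password, salt),
            "user_dn": user_dn, "ca_dn": ca_dn,
            "expires": self._clock() + self._lifetime,
        }
        return username, password

    def lookup(self, username, password):
        """Return (user_dn, ca_dn) for a valid, unexpired pair, else None."""
        row = self._rows.get(username)
        # Hash even for unknown names so timing does not reveal valid usernames.
        salt = row["salt"] if row else b"\x00" * 16
        candidate = self._kdf(password, salt)
        if row is None or not hmac.compare_digest(candidate, row["hash"]):
            return None
        if self._clock() >= row["expires"]:
            del self._rows[username]  # purge expired credentials
            return None
        return row["user_dn"], row["ca_dn"]

if __name__ == "__main__":
    store = MyIdentityStore(lifetime_s=3600)
    # Constructed sample DNs, not taken from the slides.
    user, pw = store.issue("/C=UK/O=Example/CN=alice", "/C=UK/O=Example/CN=Example CA")
    print(store.lookup(user, pw))
    print(store.lookup(user, "wrong-password"))
```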

ShibVomGSite Architecture
[Diagram: message flow between the Origin site and the Target site]
1. Resource access request
2. Redirect user for authentication
3. User authentication
4. Request for attributes using Handle
5. Retrieves user's DN & CA's DN
6. Request for user's attributes
7. User's attributes
8. User's attributes & authorization decision request
9. Authorization decision
10. Access to resources

Conclusion
• Provides username/password support and attribute-based authorization to GridSite
• No need to install certificate on every computer
• MyIdentity service binds user's DN and CA's DN with the username and time-limited password in a database
• VASGS service enables VOMS server to act as attribute repository to IdP
• GAMAS/GridSite takes over the authorization process from SP
• A prototype has been implemented
• A paper on the project is to be presented at the UK e-Science All Hands Meeting 2006 in Nottingham, UK