
GSI in LB & comp.

GSI in LB & comp. Daniel Kouřil, EMI Security Workshop, May 25th, 2010. Multiple Notions of GSI. The „enhanced“ SSL protocol? The Globus libraries? The Globus GSS API? Which one is unwanted? L&B. org.glite.security.gss – encapsulates all communication functions, including security


Presentation Transcript


  1. GSI in LB & comp.
     Daniel Kouřil, EMI Security Workshop, May 25th, 2010

  2. Multiple Notions of GSI
     • The „enhanced“ SSL protocol?
     • The Globus libraries?
     • The Globus GSS API?
     • Which one is unwanted?

  3. L&B
     • org.glite.security.gss – encapsulates all communication functions, including security
     • Implemented using Globus and its GSS API
     • Smooth transition to Kerberos achieved
     • The „SSL-compatible“ mode enforced
     • No delegation (not needed)
     • SSL compatibility on the wire
     • Server is able to serve browsers and plain openssl clients

  4. Proxy Renewal
     • No authenticated interfaces exposed
     • No communication security
     • Heavy use of Globus libraries for proxy management
     • Generation, signing, …
     • Requires MyProxy, which uses the standard GSI protocol
     • However, delegation is done in the application protocol
     • An implementation of MyProxy above plain OpenSSL is available

  5. Gridsite
     • New responsibility in EMI
     • Not fully familiar yet
     • Globus used at build-time to load openssl libraries
     • Delegation routines use OpenSSL calls
     • Simple exchange of standard messages over SOAP

  6. Summary
     • No direct use of the GSI protocol
     • Besides MyProxy
     • Globus libraries used at several critical parts
     • Tuned and well-tested L&B communication
     • Any changes at this level are obviously critical
     • GSSAPI proven useful
     • Portability to Kerberos achieved in production
