gsi in lb comp
Download
Skip this Video
Download Presentation
GSI in LB & comp.

Loading in 2 Seconds...

play fullscreen
1 / 6

GSI in LB & comp. - PowerPoint PPT Presentation


  • 73 Views
  • Uploaded on

GSI in LB & comp. Daniel Kouřil EMI Security Workshop, May 25th, 2010. Multiple Notions of GSI. The „enhanced“ SSL protocol? The Globus libraries? The Globus GSS API? Which one is unwanted?. L&B. Org.glite.security.gss – encapsulates all communication functions, including security

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'GSI in LB & comp.' - yoko


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
gsi in lb comp

GSI in LB & comp.

Daniel Kouřil

EMI Security Workshop, May 25th, 2010

multiple notions of gsi
Multiple Notions of GSI
  • The „enhanced“ SSL protocol?
  • The Globus libraries?
  • The Globus GSS API?
  • Which one is unwanted?
slide3
L&B
  • Org.glite.security.gss – encapsulates all communication functions, including security
  • Implemented using Globus and its GSS API
    • Smooth transition to Kerberos achieved
  • The „SSL-compatible“ mode enforced
    • No delegation (not needed)
    • SSL compatibility on the wire
      • Server is able to server browser and plain openssl clients
proxy renewal
Proxy Renewal
  • No authenticated interfaces exposed
    • No communication security
  • Heavily use of Globus libraries for proxy management
    • Generation, signing, …
  • Requires MyProxy, which uses standard GSI protocol
    • However, delegation done in the application protocol
    • An implemention of MyProxy above plain OpenSSL available
gridsite
Gridsite
  • New responsibility in EMI
    • Not fully familiar yet
  • Globus used at build-time to load openssl libraries
  • Delegation routines use OpenSSL calls
    • Simple exchange of standard messages over SOAP
summary
Summary
  • No direct use the GSI protocol
    • Besides MyProxy
  • Globus libraries used at several critical parts
    • Tuned and well-tested L&B communication
    • Any changes at this level are obviously critical
  • GSSAPI proven useful
    • Portability to Kerberos achieved in production
ad