Re: [gridsam-discuss] GridSAM security question

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi Dawid,

>The question is how to recognize
>each portal user in GridSAM service - I mean how to authenticate and
>authorize them. Because now every user can use portal access without
>restriction because GridSAM server can see only client with given
>keystore. What option do I have?  Can I send for example user DN and
>resolve it on the server side? something like GSI  where I can  provide
>user's  proxy credentials? Maybe I should use some omii server
>technology? I saw there some account service or something?
>
I normally include the myproxy element in the JSDL and insert the user's 
DN into the GridSAM's authorization.xml.  See the following link

http://gridsam.sourceforge.net/1.1/deploymentguide/auth.html

regards
Garry

dejw wrote:

>Hi Steve,
>
>thanks for replay, I didn't find any William Lee message concerning
>WS-Security. Have you any exmaples of  codes or something? How to use 
>gridsam API and use WS-Security with it? I wonder if I can use maybe
>globus proxy certificate inside WM-Security somehow. I would like to try
>to do this, what do you think?  So I should wait until Vesso will be
>available ?
>
>Dawid
>
>
>A.S.McGough napisał(a):
>  
>
>>Dear Dawid,
>>
>>Unfortunately Vesso who would know more about the security side is on
>>holiday at the moment, so I'll try to answer as best I can.
>>
>>GridSAM supports communication to the service through HTTPS - I'm
>>assuming that this is what you are using at the moment? It also
>>supports the use of WS-Security - which will allow you to use user
>>certificates when submitting jobs. This will allow you to perform user
>>Authentication and Authorisation.
>>
>>As for how to enable WS-Security if you look in the old archive of
>>this list I beleve William Lee explained this.
>>
>>Hope this is of help - if not feel free to get back in touch,
>>
>>steve..
>>
>>dejw wrote:
>>    
>>
>>>Hi,
>>>
>>>I am interesting to provide portal access to the GridSAM service. I have
>>>ready working client. I'm using omii stuff with keystore to create SSL
>>>connection between portal and service. The question is how to recognize
>>>each portal user in GridSAM service - I mean how to authenticate and
>>>authorize them. Because now every user can use portal access without
>>>restriction because GridSAM server can see only client with given
>>>keystore. What option do I have?  Can I send for example user DN and
>>>resolve it on the server side? something like GSI  where I can  provide
>>>user's  proxy credentials? Maybe I should use some omii server
>>>technology? I saw there some account service or something?
>>>
>>>Best Regards,
>>>Dawid Szejnfeld, PSNC
>>>
>>>
>>>-------------------------------------------------------------------------
>>>
>>>Take Surveys. Earn Cash. Influence the Future of IT
>>>Join SourceForge.net's Techsay panel and you'll get the chance to
>>>share your
>>>opinions on IT & business topics through brief surveys - and earn cash
>>>http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
>>>
>>>_______________________________________________
>>>GridSAM-Discuss mailing list
>>>Gri...@li...
>>>https://lists.sourceforge.net/lists/listinfo/gridsam-discuss
>>>  
>>>      
>>>
>>    
>>
>
>
>
>-------------------------------------------------------------------------
>Take Surveys. Earn Cash. Influence the Future of IT
>Join SourceForge.net's Techsay panel and you'll get the chance to share your
>opinions on IT & business topics through brief surveys - and earn cash
>http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
>_______________________________________________
>GridSAM-Discuss mailing list
>Gri...@li...
>https://lists.sourceforge.net/lists/listinfo/gridsam-discuss
>
>
>  
>