6526 2008-11-04 17:04 Develop callouts for GridFTP to use GUMS for authorization 2010-01-12 14:36:42 1 1 1 Unclassified GridFTP Campaign 4.2.0 PC Windows XP NEW OSG/EGEE_Authz_Interop P3 normal --- 1 ranantha@mcs.anl.gov mlink@mcs.anl.gov bresnaha@mcs.anl.gov garzogli@fnal.gov mlink@mcs.anl.gov okoeroo@nikhef.nl ranantha@mcs.anl.gov 2008-11-04 17:04:20 Definition: OSG is moving towards compliance with OSG/EGEE Authorization Interoperability Profile. GridFTP provides an authorization callout interface to allow pluggable authorization. A callout needs to be designed and developed to allow GridFTP to use GUMS as the authorization service. Tasks: o Determine the OSG/EGEE Authorization Interoperability Profile attributes required for GUMS to authorize GridFTP requests. o Design and develop callout that constructs an XACML Authorization Request to query GUMS with relevant attributes. This should leverage the Globus XACML Authorization C library and potentially leverage PRIMA code base. o Test against OSG GUMS server with XACML interface o Merge code to trunk and GT 4.2 branch o Update documentation Resources: - OSG/EGEE Authz Interoperability Profile: https://edms.cern.ch/document/929867/1 - C XACML Library: http://www.mcs.anl.gov/~bester/xacml/ - PRIMA: cvs -d :pserver:anonymous@cdcvs.fnal.gov:/cvs/cd_read_only co privilege/prima/build or via web http://cdcvs0.fnal.gov/cgi-bin/public-cvs/cvsweb-public.cgi/privilege/prima/build/ The new globus plugin is in prima-autz-module/prima_module_build_scas.c ranantha@mcs.anl.gov 2010-01-12 14:36:42 Apparently the direction being taken is to use the LCAS/LCMAPS code rather than the PRIMA library, for GUMS client.