Bug 6542

Summary: Modify Delegation Service/Resource authorization to be configurable
Product: Delegation Service
Reporter: Rachana Ananthakrishnan <ranantha@mcs.anl.gov>
Component: Campaign
Assignee: Rachana Ananthakrishnan <ranantha@mcs.anl.gov>
Status: NEW
Severity: normal
CC: bester@mcs.anl.gov, childers@mcs.anl.gov, franks@mcs.anl.gov
Priority: P3
Keywords: OSG/EGEE_Authz_Interop
Version: 4.2.1
Target Milestone: ---
Hardware: PC
OS: Windows XP

Description From 2008-11-14 09:12:03
Definition: Modify Delegation Service and resource to provide configurable
authorization and remove dependency on GridMap authorization. Test against an
external authorization service, GUMS. Details on current infrastructure and
requirements are described here:
http://docs.google.com/Doc?id=dfkt44p2_5djmh6dgs

1. Delegation Resource should allow for a configurable resource security
descriptor, such that the authorization mechanism can be configured. This
requires changes to the Delegation Home, to set up the configured authorization
and policy during resource creation.

2. Dependency on the presence of a GridMap object should be removed. Use of
GridMap authorization as resource authorization should be the default
configuration for backwards compatibility.

3. Test scenario:
- Delegation Factory Service configured with Delegation Service PIPs and XACML
Authorization Callout PDP to talk to GUMS
- Delegation resources configured with Access Control List of DN used to create
the delegated resource.
- Client 1 and Client 2 mapped to same local account in GUMS server. 
- Client 1 delegates a credential
- Client 2 attempts to destroy the credential, should fail
- Client 1 should be able to refresh and destroy the credential.

5. Merge code to 4.2 branch and trunk

6. Documentation update
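
The test scenario in item 3, modelled as an added example that is not part of the bug report or of the Delegation Service code: it shows why the per-resource ACL has to be keyed on the creator's DN when both clients map to the same local account. The class, method names, DNs and the `griduser` account are hypothetical, and a plain dictionary stands in for the GUMS mapping.

```python
import itertools

# Constructed sample identities and mapping (not taken from the bug report).
CLIENT1_DN = "/DC=org/DC=example/CN=Client One"
CLIENT2_DN = "/DC=org/DC=example/CN=Client Two"
ACCOUNT_MAP = {CLIENT1_DN: "griduser", CLIENT2_DN: "griduser"}  # stand-in for GUMS

class DelegationHome:
    """Hypothetical model: factory check by account mapping, resource check by DN ACL."""
    def __init__(self, account_map):
        self.account_map = account_map
        self.resources = {}  # resource id -> {"acl": frozenset of DNs, "refreshes": int}
        self._ids = itertools.count(1)

    def delegate(self, caller_dn):
        # Factory-level decision: the caller must map to some local account.
        if caller_dn not in self.account_map:
            raise PermissionError(f"no account mapping for {caller_dn}")
        rid = next(self._ids)
        # Resource-level policy is fixed at creation: the ACL holds the creator DN.
        self.resources[rid] = {"acl": frozenset({caller_dn}), "refreshes": 0}
        return rid

    def _authorize(self, rid, caller_dn):
        res = self.resources[rid]  # KeyError if the resource was already destroyed
        if caller_dn not in res["acl"]:
            raise PermissionError(f"{caller_dn} is not on the ACL of resource {rid}")
        return res

    def refresh(self, rid, caller_dn):
        self._authorize(rid, caller_dn)["refreshes"] += 1

    def destroy(self, rid, caller_dn):
        self._authorize(rid, caller_dn)
        del self.resources[rid]

def run_scenario():
    """Replays the four client steps; returns (client2_denied, refreshes, destroyed)."""
    home = DelegationHome(ACCOUNT_MAP)
    rid = home.delegate(CLIENT1_DN)
    try:
        home.destroy(rid, CLIENT2_DN)
        client2_denied = False
    except PermissionError:
        client2_denied = True
    home.refresh(rid, CLIENT1_DN)
    refreshes = home.resources[rid]["refreshes"]
    home.destroy(rid, CLIENT1_DN)
    return client2_denied, refreshes, rid not in home.resources
```

A resource check keyed on the mapped account instead of the DN would see `griduser` for both callers and could not deny Client 2.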