Bug 6520 - Modify WS GRAM resource authorization to be configurable
: Modify WS GRAM resource authorization to be configurable
Status: RESOLVED WONTFIX
: GRAM
Campaign
: 4.2.1
: PC Windows XP
: P3 normal
: ---
Assigned To:
:
: OSG/EGEE_Authz_Interop
:
:
  Show dependency treegraph
 
Reported: 2008-11-04 13:43 by
Modified: 2012-09-05 13:39 (History)


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description From 2008-11-04 13:43:58
Definition: Modify WS GRAM services and resource to provide configurable
authorization and remove dependency on GridMap authorization. Test against an
external authorization service, GUMS. Details on current infrastructure and
requirements are described here:
http://docs.google.com/Doc?id=dfkt44p2_5djmh6dgs

Tasks:

1. Managed Job Resources should allow for configurable resource security
descriptor, such that authorization mechanism can be configured. This requires
changes to the Managed Job Home, to set up the configured authorization and
policy during resource creation.

2. Dependency on presence of GridMap object should be removed and presence of a
local account mapping in peer subject should be the only requirement.

3. Use of GridMap authorization as resource authorization should be default
configuration for backwards compatibility.

4. Test scenario:
- WS GRAM factory configured with Execution Service PIPs and XACML
Authorization Callout PDP to talk to GUMS
- WS GRAM resources configured with Execution Service PIPs and two PDPS: XACML
Authorization Callout PDP to talk to GUMS and Local Account Access Control PDP.
Authorization decision involves obtaining mapping from GUMS and validating
presence in the Local Account Access Control PDP.
- Client 1 and Client 2 mapped to same local account in GUMS server. 
- Client 1 creates a job.
- Client 2 queries and destroys the job.

5. Merge code to 4.2 branch and trunk

6. Documentation update
------- Comment #1 From 2012-09-05 13:39:04 -------
Doing some bugzilla cleanup...  Resolving old GRAM3 and GRAM4 issues that are
no longer relevant since we've moved on to GRAM5.  Also, we're now tracking
issue in jira.  Any new issues should be added here:

http://jira.globus.org/secure/VersionBoard.jspa?selectedProjectId=10363