Bugzilla – Bug 6542
Modify Delegation Service/Resource authorization to be configurable
Last modified: 2008-11-14 09:50:15
Definition: Modify Delegation Service and resource to provide configurable
authorization and remove dependency on GridMap authorization. Test against an
external authorization service, GUMS. Details on current infrastructure and
requirements are described here:
1. Delegation Resource should allow for a configurable resource security
descriptor, such that the authorization mechanism can be configured. This requires
changes to the Delegation Home, to set up the configured authorization and
policy during resource creation.
2. Dependency on presence of GridMap object should be removed. Use of GridMap
authorization as resource authorization should be default configuration for
3. Test scenario:
- Delegation Factory Service configured with Delegation Service PIPs and XACML
Authorization Callout PDP to talk to GUMS
- Delegation resources configured with Access Control List of DN used to create
the delegated resource.
- Client 1 and Client 2 mapped to same local account in GUMS server.
- Client 1 delegates a credential
- Client 2 attempts to destroy the credential, should fail
- Client 1 should be able to refresh and destroy the credential.
5. Merge code to 4.2 branch and trunk
6. Documentation update
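
The test scenario in item 3, modeled as an added example (not code from this bug report, the Globus Toolkit or GUMS). The DNs, the account name "griduser" and all class and function names are constructed. It shows that both clients resolve to the same local account at the factory, so only the DN-based ACL on the resource separates them.

```python
# Added model of the ticket's test scenario. DNs, account name and all
# names below are constructed; nothing here is Globus Toolkit or GUMS code.
CLIENT1 = "/O=Example/CN=Client 1"
CLIENT2 = "/O=Example/CN=Client 2"
GUMS_MAP = {CLIENT1: "griduser", CLIENT2: "griduser"}  # same local account


class Denied(Exception):
    """Raised when an authorization decision is not Permit."""


def factory_pdp(dn):
    """Factory-level check: permit only DNs the mapping service resolves."""
    if dn not in GUMS_MAP:
        raise Denied(f"no account mapping for {dn}")
    return GUMS_MAP[dn]


class DelegationFactory:
    def __init__(self):
        self.resources = {}  # resource id -> {"acl": DNs, "refreshes": int}
        self._next_id = 1

    def delegate(self, dn):
        factory_pdp(dn)
        rid, self._next_id = self._next_id, self._next_id + 1
        # Resource security descriptor: ACL holding only the creator's DN.
        self.resources[rid] = {"acl": frozenset({dn}), "refreshes": 0}
        return rid

    def _check_acl(self, dn, rid):
        resource = self.resources[rid]  # KeyError once destroyed
        if dn not in resource["acl"]:
            raise Denied(f"{dn} is not on the ACL of resource {rid}")
        return resource

    def refresh(self, dn, rid):
        self._check_acl(dn, rid)["refreshes"] += 1

    def destroy(self, dn, rid):
        self._check_acl(dn, rid)
        del self.resources[rid]


def attempt(operation, dn, rid):
    """Return 'permit' or 'deny' for one operation instead of raising."""
    try:
        operation(dn, rid)
        return "permit"
    except Denied:
        return "deny"
```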