|NeSC Bibliographic Database|
The GridSite Security Framework
Appeared in: Proceedings of the UK e-Science All Hands Conference 2005 website: http://www.allhands.org.uk/2005/
Publisher: Engineering and Physical Sciences Research Council
Field of Science: e-Science
Abstract: We describe the architecture of the GridSite system, which adds support for several Grid security protocols to the Apache web server platform. These include the Globus GSI authentication system, GACL and XACML access policy files, and DN Lists and VOMS group memberships. The system was originally developed for controlling access to Web sites using Grid credentials, but has now been extended to support Web Services written in any of the languages which can be hosted by Apache. We use the example of a proxy delegation service developed in conjunction with the EGEE project to explain how such Web Services can be built using GridSite/Apache and a SOAP toolkit such as gSOAP. To support high speed access to large data files, GridSite also supports an HTTP Downgrade protocol, which we present. Finally, we describe GridSite's method of using Unix pool accounts to provide partial “sandboxing” of services, which allows remote users to deploy services in the form of scripts and native executables into a third-party hosting service built with GridSite. A model we refer to as GRACE.
Keywords: e-Science, AHM 2005
|Last Updated: 22 Jun 12 11:02|