GT 4.2.1: Grid Security Infrastructure in C (GSI C)


The Globus Toolkit Pre-Web Services Authentication and Authorization component provides APIs and tools for authentication, authorization and certificate management. The authentication API is built using Public Key Infrastructure (PKI) technologies, e.g. X.509 Certificates and TLS. In addition to authentication it features a delegation mechanism based upon X.509 Proxy Certificates. Authorization support takes the form of a couple of APIs. The first provides a generic authorization API that allows callouts to perform access control based on the client's credentials (i.e. the X.509 certificate chain). The second provides a simple access control list that maps authorized remote entities to local (system) user names. The second mechanism also provides callouts that allow third parties to override the default behavior and is currently used in the Gatekeeper and GridFTP servers. In addition to the above there are various lower level APIs and tools for managing, discovering and querying certificates .

The following guides are available for this component:
The Globus Toolkit 4 Programmer's Tutorial Useful tutorial about programming with Web Services in GT4.
Security Key Concepts For important general concepts. [pdf]
Admin Guide For system administrators and those installing, building and deploying GT. You should already have read the Installation Guide and Quickstart. [pdf]
User's Guide Describes how end-users typically interact with this component. Be sure to also read the GT User Guide for important general information for end-users. [pdf]
Developer's Guide Reference and usage scenarios for developers. [pdf]
Other information available for this component are:
Release Notes What's new with the 4.2.1 release for this component. [pdf]
Public Interface Guide Information for all public interfaces (including APIs, commands, WSDL, etc). Please note this is a subset of information in the Developer's Guide. [pdf]
Quality Profile Information about test coverage reports, etc. [pdf]
Migrating Guide Information for migrating to this version if you were using a previous version of GT. [pdf]
All GSI C Guides (PDF only) Includes all GSI C guides except Public Interfaces (which is a subset of the Developer's Guide)

Glossary

P

proxy certificate

A short lived certificate issued using a EEC. A proxy certificate typically has the same effective subject as the EEC that issued it and can thus be used in its place. GSI uses proxy certificates for single sign on and delegation of rights to other entities.

For more information about types of proxy certificates and their compatibility in different versions of GT, see http://dev.globus.org/wiki/Security/ProxyCertTypes.

public key

The public part of a key pair used for cryptographic operations (e.g. signing, encrypting).