GT 5.0.4: Security


Security tools are concerned with establishing the identity of users and/or services (authentication), protecting the integrity and privacy of communications (message protection), determining and enforcing who is allowed to perform what actions on what resources (authorization), and provide (secure) logs to verify that the correct policy is enforced (accounting allows for auditing of policy compliance). It also includes supporting functions such as managing user credentials, maintaining group membership information, administering access rights, etc.

GT5 provides distinct WS and non-WS authentication and authorization capabilities. Both build on the same base, namely the standard X.509 end-entity and proxy certificates, which are used to identify persistent entities such as users and servers and to support the temporary delegation of privileges to other entities. Note that you can find information about the non-WS authentication and authorization capabilities under the GSI documentation (below).

If you want to:see:
Install and configure GSI Security
Obtain certificates Obtaining host certificates
Add authorization with a gridmap file Section 3, “Add authorization”, Section 4, “Configuring Credential Mappings” and Globus Toolkit Gridmap Processing
Use firewalls with GSI Firewall HowTo
Learn about the types of proxy certificates used in GT Proxy Cert Types
Manage proxy certificates, use security for non-WS componentsUser's Guide
Manage credentials by storing proxies in a repositoryMyProxy
Run your own simple Certificate Authority (CA)SimpleCA
Use a single-signon remote loginGSI-OpenSSH

Glossary