GT 6.0 GSI C Release Notes


1. Component Overview

The Globus Toolkit GSI C component provides APIs and tools for authentication, authorization and certificate management. The authentication API is built on Public Key Infrastructure (PKI) technologies, e.g. X.509 Certificates and TLS. In addition to authentication, it features a delegation mechanism based on X.509 Proxy Certificates. Authorization support is provided through two APIs. The first is a generic authorization API that allows callouts to perform access control based on the client's credentials (i.e. the X.509 certificate chain). The second is a simple access control list that maps authorized remote entities to local (system) user names. This second mechanism also provides callouts that allow third parties to override the default behavior, and it is currently used in the Gatekeeper and GridFTP servers. In addition to the above, there are various lower-level APIs and tools for managing, discovering and querying certificates.

1.1. Feature summary

Features new in GT 6.0

  • None.

Other Supported Features

  • Uses internet-standard GSSAPI for security operations.
  • Supports certificate-based authentication, using both standard X.509 End Entity and Proxy Certificates.
  • Supports delegation of user rights to services using standard X.509 Proxy Certificates.
  • Supports authorization based on client certificate chains, including support for X.509v3 certificate extensions.
  • Provides tools for managing certificates, proxies, trust roots, and credential identity mapping tables.

Deprecated Features

  • None

1.2. Summary of Changes in GSIC

1.2.1. New Features: GSIC

  • globus-gssapi-gsi-11.16: Add new configuration options

1.2.2. Improvements: GSIC

  • More test cases

1.3. Fixed Bugs for GSIC

*

1.4. Known Problems in GSIC

  • GT-106: Free requirement for cred_get_subject_name not in API docs
  • GT-373: gridmap_eppn_callout doesn’t work with proxies
  • GT-449: GCMU Install Incomplete When Use Aborts via no response to not fully qualified domain question

1.5. Technology dependencies

The GSI C component depends on the following GT components:

  • C Common Libraries

The GSI C component depends on the following 3rd party software:

  • OpenSSL

1.6. Tested platforms

GSI C has been tested on the following platforms:

Table 1. Tested Platforms

Operating System   Distribution                   Version(s)                         Architecture(s)
----------------   ----------------------------   --------------------------------   ---------------
Linux              CentOS                         5, 6                               i386, x86_64
Linux              CentOS                         7                                  x86_64
Linux              Fedora                         20, 21, 22                         i386, x86_64
Linux              Red Hat Enterprise Linux       5, 6                               i386, x86_64
Linux              Red Hat Enterprise Linux       7                                  x86_64
Linux              Scientific Linux               5, 6                               i386, x86_64
Linux              Scientific Linux               7                                  x86_64
Linux              SUSE Linux Enterprise Server   11SP3                              x86_64
Linux              Debian                         6, 7, 8                            i386, amd64
Linux              Ubuntu                         12.04LTS, 14.04LTS, 14.10, 15.04   i386, amd64
Mac OS X           -                              10.6-10.10                         i386, x86_64
Solaris            OmniOS                         r151006                            x86_64
Windows 7          Cygwin                         -                                  i386, x86_64
Windows 7          MingW64                        -                                  i386, x86_64


1.7. Backward compatibility summary

Protocol changes in GSI C since GT 5.2

  • None

API changes since GT 5.2

  • None

Exception changes since GT 5.2

  • Not applicable

Schema changes since GT 5.2

  • Not applicable

1.8. Associated Standards

Associated standards for GSI C:

2. For More Information

See GSI C for more information about this component.