1 / 4

Advancements in GridSite: G-HTTPS and Access Management Updates

The latest GridSite 0.9 update enhances file and website access management with G-HTTPS support, allowing users and administrators to load GSI certificates and keys directly into standard web browsers. This version merges the interactive features of GridSite 0.3 with programmatic functions of fileGridSite. Key enhancements include access control mechanisms via Access Control Lists (ACLs), page formatting through the Apache module mod_gridsite, and site administration tools such as grst-admin.cgi and grst-proxy.cgi. The update supports third-party file transfer and website hosting on the same server.

catori
Télécharger la présentation

Advancements in GridSite: G-HTTPS and Access Management Updates

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. GridSite and G-HTTPS update Andrew McNab, University of Manchester mcnab@hep.man.ac.uk

  2. GridSite 0.3/fileGridSite => GridSite 0.9 • GridSite manages access to websites and HTTP(S) fileservers • Users and admins load GSI cert + key into unmodified web browsers • GridSite used by EDG Testbed website, GridPP and e-Science ETF + Level 2 Grid support websites in the UK. • ACLs control read and write access to files and directories • Write access either by HTML forms (interactive) or HTTP PUT / DELETE (programmatic) • GridSite 0.9 merges interactive GridSite 0.3 functionality with programmatic functionality of fileGridSite. • Basic access control, page formatting and PUT/DELETE now done by Apache module: mod_gridsite. • Standalone grst-admin.cgi and grst-proxy.cgi provide site admin and G-HTTPS (delegation and 3rd party transfer) support. • Can host websites, fileserving and Grid/Web Services on same server.

  3. (Red = As of 17/Feb/03, not yet implemented.) GridSite 0.9 architecture grst-admin.cgi: page editing, file upload, ACL editing etc. grst-proxy.cgi: G-HTTPS, 3rd party COPY, proxy GET + PUT mod_gridsite: .html headers and footers .shtml, mod_perl CGI, PHP mod_jk: JSP with Tomcat mod_gridsite: PUT, DELETE, MOVE mod_gridsite: GACL access control + GACL > env vars HTTP mod_ssl: plain HTTPS > env vars mod_ssl-GSI: HTTPS with GSI+VOMS+CAS> env vars

  4. G-HTTPS • grst-proxy.cgi now has example G-HTTPS implementation • (previously in fileGridSite) • GET-PROXY-REQ and PUT-PROXY-CERT for delegation • COPY between remote HTTPS host and webserver using delegated proxy • grst-proxy-put command line tool • real work for the above done by functions in libgridsite, built directly on OpenSSL: C/C++ API to appear. • G-HTTPS spec exists in draft form • see post to wp7-security list • Negotiated a 15 minutes slot about HTTPS extensions in GGF Data Transport RG meeting => some kind of document; more people.

More Related