Enhancing Authorization in Grid Systems with LCAS and LCMAPS Frameworks
This document explores the Gridification framework utilizing the Local Centre Authorization Service (LCAS) and Local Credential Mapping Service (LCMAPS) for efficient policy-based authorization in grid computing environments. It outlines how LCAS offers a pluggable framework with a separate daemon for managing access control, while LCMAPS maps credentials and roles to local accounts. Support for AFS and Kerberos tokens is highlighted, along with a library implementation that enhances gridmapdir functionality. The need for a modified Gatekeeper, improved error handling, and user-friendly messages is also discussed.
Presentation Transcript
Gridification
• LCAS: Local Centre AuthZ Service
  • Policy-based authorization
  • Pluggable framework
  • Separate daemon
• LCMAPS: Local Credential MAPping Service
  • Maps credentials and roles to local accounts and capabilities
  • Support for AFS, Kerberos tokens
  • Library implementation
  • Enhances gridmapdir
• Requires modified Gatekeeper
• Improved error & status handling
• Getting a useful message to the user
• Job repository, FLIDS, FABNAT > EDG 2.x

[Diagram labels: Gatekeeper; LCAS config; TLS auth; ACL; IPC; timeslot; LCAS client; gridmap; LCMAPS lib; LCMAPS config; apply creds; role2uid; role2afs; Jobmanager-*; "And store in job repository"]