Download
1 / 4
40 likes | 163 Vues
This document outlines the evolution of GGUS user authentication processes since its inception. Initially permitting registration with just a username and password, stricter measures were implemented in January 2012, requiring a certificate due to an influx of spam accounts. Users must be authenticated, and the reliance solely on SSO (Single Sign-On) accounts is deemed insufficient. The implementation of X.509 authentication for WLCG users is emphasized, alongside alternative trustworthy methods like Shibboleth, already utilized within the xGUS system for the SWISS instance.
E N D
GGUS user authentication Helmut Dres (GGUS) Guenter Grein (GGUS) 05-02-2013 GGUS user authentication
History • Registration with username and password possible since beginning of GGUS • Certificate required for registration since January 2012 after recognizing several spam accounts in the system • https://savannah.cern.ch/support/?func=detailitem&item_id=125360 • Access with username/password still possible GGUS user authentication
Requirements • Users must be authenticated! • SSO account and membership of SSO groups is not sufficient and not comfortable • Keep X.509 authentication for WLCGusers • Other authentication processes as an alternative to X.509 GGUS user authentication
Ideas • Shibboleth • Already implemented in xGUS for the SWISS instance • Any other (federated) authenticationprocessthatistrustworthy GGUS user authentication
