Difference between revisions of "AuthZ-Interop"
(One intermediate revision by the same user not shown) | |||
Line 1: | Line 1: | ||
− | + | The AuthZ Interop group is a collaboration of [http://www.eu-egee.org/ EGEE], the [http://www.fnal.gov/docs/products/voprivilege/ VO Services ‘Privilege’ Project], [http://www.globus.org/ Globus], [http://www.cs.wisc.edu/condor/ Condor], and [http://vdt.cs.wisc.edu/ VDT], with contributions from ANL, BCCS, BNL, FNAL, INFN, Nikhef, Switch, UvA, and the UWMadison. | |
+ | |||
+ | The goal of the Authorization Interoperability activity is providing interoperability between | ||
middle ware and authorization infrastructures. This is achieved by agreeing on and | middle ware and authorization infrastructures. This is achieved by agreeing on and | ||
implementing an authorization protocol common to OSG VO services, EGEE, Globus, | implementing an authorization protocol common to OSG VO services, EGEE, Globus, | ||
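Review bot: the added introduction ends its contributor list with "and the UWMadison", which reads as a slip; "and UW-Madison" without the article would match the other institution names in the list. In the added goal sentence, "is providing interoperability" would read better as "is to provide interoperability", and the context line below it still has "middle ware" as two words while the Documents section of the page writes "middleware", so this edit is a good place to make the spelling consistent.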
Line 18: | Line 20: | ||
* Dave Dykstra's CHEP-2009 overview talk on the AuthZ Interop working group [http://www.nikhef.nl/grid/lcaslcmaps/files/CHEP09-AuthZ-Interop-talk-v1.0.ppt PPT] and [http://www.nikhef.nl/grid/lcaslcmaps/files/CHEP09-AuthZ-Interop-talk-v1.0.pdf PDF] | * Dave Dykstra's CHEP-2009 overview talk on the AuthZ Interop working group [http://www.nikhef.nl/grid/lcaslcmaps/files/CHEP09-AuthZ-Interop-talk-v1.0.ppt PPT] and [http://www.nikhef.nl/grid/lcaslcmaps/files/CHEP09-AuthZ-Interop-talk-v1.0.pdf PDF] | ||
+ | |||
+ | = Links and references = | ||
+ | |||
+ | * [http://www.fnal.gov/docs/products/voprivilege/focus/AuthZInterop/info.html Project web page] |
Latest revision as of 07:09, 30 March 2009
The AuthZ Interop group is a collaboration of EGEE, the VO Services ‘Privilege’ Project, Globus, Condor, and VDT, with contributions from ANL, BCCS, BNL, FNAL, INFN, Nikhef, Switch, UvA, and UW-Madison.
The goal of the Authorization Interoperability activity is to provide interoperability between middleware and authorization infrastructures. This is achieved by agreeing on and implementing an authorization protocol common to OSG VO services, EGEE, Globus, and Condor.
This protocol is used by Policy Enforcement Points (PEPs), i.e. resource gateways, to interact with Policy Decision Points (PDPs), i.e. repositories of authorization policies. For each access request, the PDP informs the PEP whether access is granted or denied and what obligations need to be enforced if access is granted. Obligations are used as a mechanism to restrict privileges at Grid resources.
Documents
- Joint Attribute and Obligation Profile
- This document defines the XACML profile for the interoperability of middleware authorization call-outs. Participating members of the collaboration that agreed on this profile are the VO Services project (for OSG), EGEE, EGEE-INFN, Globus, and Condor. The latest version, v1.1, has been in effect since September 2008.
- SOAP Profile for XACML-SAML
- The XACML-SAML Profile document provides a minimal specification for the use of the OASIS SAML 2.0 Profile of XACML, Version 2, with the SAML 2.0 SOAP binding.
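The PEP side of the PEP/PDP exchange described above, as an added example that is not code from the AuthZ Interop project: it parses an XACML 2.0 response and follows XACML's rule that a PEP which cannot discharge an obligation must not grant access. The obligation and attribute identifiers, the handler, and the sample responses are constructed for illustration and are not taken from the profile documents.

```python
import xml.etree.ElementTree as ET

CTX = "urn:oasis:names:tc:xacml:2.0:context:schema:os"   # XACML 2.0 context namespace
POL = "urn:oasis:names:tc:xacml:2.0:policy:schema:os"    # XACML 2.0 policy namespace
# Constructed identifiers for this example; not taken from the profile documents.
OBL_UIDGID = "urn:example:obligation:uidgid"
ATTR_UID, ATTR_GID = "urn:example:attribute:posix-uid", "urn:example:attribute:posix-gid"

def handle_uidgid(attrs):
    """Turn the obligation's attribute assignments into a local account mapping."""
    return {"uid": int(attrs[ATTR_UID]), "gid": int(attrs[ATTR_GID])}

HANDLERS = {OBL_UIDGID: handle_uidgid}  # obligations this PEP knows how to enforce

def enforce(response_xml, handlers=HANDLERS):
    """Return (allowed, context); only a Permit whose obligations all succeed is allowed."""
    try:
        result = ET.fromstring(response_xml).find(f"{{{CTX}}}Result")
        decision = result.findtext(f"{{{CTX}}}Decision", "").strip()
    except (ET.ParseError, AttributeError):   # malformed XML or no <Result>
        return False, {}
    if decision != "Permit":                  # Deny, NotApplicable, Indeterminate
        return False, {}
    context = {}
    for obl in result.iterfind(f"{{{POL}}}Obligations/{{{POL}}}Obligation"):
        if obl.get("FulfillOn") != "Permit":
            continue
        handler = handlers.get(obl.get("ObligationId"))
        if handler is None:                   # unknown obligation: fail closed
            return False, {}
        attrs = {a.get("AttributeId"): (a.text or "").strip()
                 for a in obl.iterfind(f"{{{POL}}}AttributeAssignment")}
        try:
            context.update(handler(attrs))
        except (KeyError, ValueError):        # missing or unusable attribute value
            return False, {}
    return True, context

def sample_response(decision, obligation_id=None, uid="1001", gid="1001"):
    """Build a constructed XACML 2.0 response, as a PDP might return it."""
    obligations = ""
    if obligation_id:
        obligations = (
            f'<p:Obligations xmlns:p="{POL}">'
            f'<p:Obligation ObligationId="{obligation_id}" FulfillOn="Permit">'
            f'<p:AttributeAssignment AttributeId="{ATTR_UID}">{uid}</p:AttributeAssignment>'
            f'<p:AttributeAssignment AttributeId="{ATTR_GID}">{gid}</p:AttributeAssignment>'
            f'</p:Obligation></p:Obligations>')
    return (f'<Response xmlns="{CTX}"><Result><Decision>{decision}</Decision>'
            f'{obligations}</Result></Response>')
```

Calling `enforce(sample_response("Permit", OBL_UIDGID))` returns the account mapping the gateway should apply, while the same Permit carrying an obligation the PEP has no handler for is treated as a denial.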