> Credential access is via Java API, once the service that needs the > credential is provided with EPR of the delegated credential. > > Here is a brief overview: > > http://www.globus.org/toolkit/docs/development/4.2-drafts/security/delegatio > n/developer/delegation-developer-archdes.html#id2470028
I have read this page before. > Code specific usage scenarios: > > http://www.globus.org/toolkit/docs/development/4.2-drafts/security/delegatio > n/developer/delegation-developer-scenarios.html I have read this page before. Thanks for the link, but they only seem to deal with the client side. Even the "Globus Toolkit 4" book by Sotomayor/Childers cover the service side of delegation with only one sentence: " ... Then, the service that wants to use those credentials must contact the delegation service to retrieve them". nothing else! that's the only information in the whole GT4 book! anyway, in the meantime, I'v found out that I can get the X509Certificates from SecurityManager and RessourceContext. I've found out the hard way: grep'ing gt4.0.5-source code. Reading java code. Re-compiling. Re-starting globus-container, -zig times. Thank you for nothing, 500 pages "Globus Toolkit 4" book. however, accessing the X509Certificates is only half the work. another thing that's unclear to me is the creation of a job-proxy. what does a client have to tell a service, so that the service automatically creates a X509_USER_{CERT,PROXY,KEY}? how is this implemented in the service? > Following is tutorial that covers the delegation service: > > http://www-unix.globus.org/toolkit/tutorials/javaWSSecurity/ Ouch, there is a ".PPT" file on a site called "Unix.globus" :-( (http://www-unix.globus.org/toolkit/tutorials/javaWSSecurity/SecurityTutorialPresentation.ppt) Unfortunately, the office version I have on my linux desktop scrambles .PPT files. anyway. thanks for the security-tutorial source code. I'm currently reading it to see if it answers my questions. kind regards, H.Rosmanith
