Hi all,

I'm evaluating the adoption of the GT4 Delegation Service in my project. Studying the documentation and running some tests, I have noticed two things: the service implementation depends on the grid-map file, and it supports persistence of delegated credentials by default. In fact:

* Delegation Factory Service needs the grid-map file. Looking at the source code, I have discovered that the information retrieved from the grid-map file (basically the "local name" of a Unix user) is used to label the persisted resource; correct me if I'm wrong. Could you explain to me why you need the local name to store the delegation resource? If it is not strictly needed, maybe the delegation service could be grid-map independent, and in this way developers could use it inside a different authorization mechanism (not based on the local grid-map file).
* Credential Storage: as far as I have understood, correct me if I'm wrong, any service deployed in the container can access the persisted credentials without any restriction. Maybe this could become a security issue in some cases (i.e., if I cannot control the behavior of a deployed service), or not?

For these reasons, I want to ask if it is (or will soon be) possible to disable the grid-map file dependency and the persistence mechanism in the GT4 Delegation Service through, for example, setting JNDI properties?

Moreover, I'd like to know if it is normal that the invocation of

    static X509Certificate[] getCertificateChainRP(String delegationUrl, ClientSecurityDescriptor secDesc)

is significantly slower than

    public static EndpointReferenceType delegate(String delegationServiceUrl, GlobusCredential issuingCred, X509Certificate certificate, int lifetime, boolean fullDelegation, ClientSecurityDescriptor desc)

And if yes, how can I speed up this invocation?

Sorry for the long post ...

Thank you in advance,
Andrea
