Hi Rachana, well, I'm using GT 4.0.x, I am setting the security on the stub in the code of the client, in fact I'd like to know if I can put it in the client-security-descriptor.xml, I was putting when I was using GSISecureConversation, but using GSITransport, putting in the security descriptor of the client didn't work.
And I have another doubt: If I define this security-descriptor for my Grid-Service: <?xml version="1.0" encoding="UTF-8"?> <securityConfig xmlns="http://www.globus.org";> <auth-method> <GSITransport> <protection-level> <integrity/> <privacy/> </protection-level> </GSITransport> </auth-method> <authz value="none"/> </securityConfig> This define that my client needs to Set: GSITransport with Integrity ?AND? Privacy ???? or GSITransport with Integrity ?OR? Privacy ???? In relation to run-as, for now I 'm not needing to use Delegation anymore. thanks. On Wed, Apr 23, 2008 at 9:31 AM, Rachana Ananthakrishnan < [EMAIL PROTECTED]> wrote: > If you are using GT 4.1.x or code from trunk, use GSISecureTransport as > the element name: > > > > > http://www.globus.org/toolkit/docs/development/4.2-drafts/security/wsaajava/wsaajava-secdesc.html#wsaajava-secdesc-clientSide > > > > In GT 4.0.x, you need to set it on the stub if encryption is required. If > GSI Transport with signature is needed, it will be used based on the URL > starting with "https". > > > > > http://www.globus.org/toolkit/docs/4.0/security/message/WS_AA_Message_Level_Public_Interfaces.html#s-message-public-domain > > > > > > BTW, run-as caller identity requires that the caller delegate credentials > to the service as part of the authentication step. So it will work only with > GSI Secure Conversation with delegation. > > > > Rachana > > > ------------------------------ > > *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *On > Behalf Of *Wilson Jr. > *Sent:* Tuesday, April 22, 2008 9:34 PM > *To:* Globus User List > *Subject:* [gt-user] How setup GSI Transport in the Client > > > > Hi folks, > > I was running the Globus Container with: -nosec, and then using > GSISecureConversation > at my GridService, and it works fine. I'd like to change to GSITransport, > then I took out the > -nosec, and I'm running Globus in 8443. The security-descriptor from my > service is this: > <securityConfig xmlns="http://www.globus.org";> > > <auth-method> > <GSITransport> > <protection-level> > <privacy/> > </protection-level> > </GSITransport> > </auth-method> > > <authz value="none"/> > > <run-as> > <caller-identity/> > </run-as> > > </securityConfig> > > My client has a client-security-descriptor.xml to choose the level of > security, before using > GsiSecureConversation, it was ok, but putting: > <GSITransport> > <privacy/> > </GSITransport> > > it doesn't work, says the attribute GSITrasnport cannot be used in the > descriptor, then I took out > and let my client-security-descriptor.xml practically empty: > <?xml version="1.0" encoding="UTF-8"?> > <securityConfig xmlns="http://www.globus.org";> > > </securityConfig> > > and it throws this exception: > ERROR: GSI Transport (encryption only) authentication required for "{ > http://topgrid.dcc.ufba.br/namespace/grid/apps/AfisDCC/AfisDCC}sendFinger<http://topgrid.dcc.ufba.br/namespace/grid/apps/AfisDCC/AfisDCC%7dsendFinger>" > operation. > AxisFault > > > > My question is, How do I set GSI Transport in the client? > > -- > "É este um mundo no qual devemos esconder nossas virtudes?" > Willian Shakespeare > > > **************** > Wilson Júnior > **************** > -- "É este um mundo no qual devemos esconder nossas virtudes?" Willian Shakespeare **************** Wilson Júnior ****************
