RE: VOMS Cookbook for Protecting GT4 Services!Hi, As per your requirement of VOMS protection for Globus 4.0.4 services(e.g MathService) running in the globus conatiner, you need the following softwares : 1) VOMS server and client (This can be downloaded from gLite site. And the documents from the EGEE sites give the dependencies and other stuff.) 2) GT4 web-container from globus.org 3) VOMS interceptor from the link http://dev.globus.org/wiki/Incubator/VOMS/Installing. In short, these interceptors are the VOMS-Globus plug-in working within the Java authorization framework of GT4. They will extract the VOMS credential and make a decision to allow/deny depending on the permissions set in the service side.
The link below tells how to protect a sample web-service with VOMS credential. It also says about where to specify the PDPs and PIPs. We have used this document as the main reference, to secure a sample web-service running in Globus container with VOMS credential. http://www.nikhef.nl/~dennisvd/ws_voms_authz_howto.pdf Also the link below has links to some documents http://dev.globus.org/wiki/Incubator/VOMS Hope this helps, Regards, Kakoli -----Original Message----- From: [email protected] [mailto:[email protected]]on Behalf Of Jan Muhammad Sent: Thursday, January 29, 2009 11:39 PM To: Tom Scavo Cc: [email protected] Subject: Re: [gt-user] VOMS Cookbook for Protecting GT4 Services! Hi Tom, Thanks for your reply. Here is what I did/understood from the document at wiki. I download the source (http://workspace.globus.org/downloads/globus_voms_interceptors_0.2.tar.gz), build the gar and deployed to container successfully. 1. But after deploying the service I don't see any additional service in the container after deploying. 2. If you look at that document Configuration section, its not clear which service's security-config.xml file to edit (http://dev.globus.org/wiki/Incubator/VOMS/Installing#Configuring_the_author ization_chain) I will assume that it is talking about the service that I want to protect. 3. Then at the "Setting Configuration parameters section" it has not mentioned about PIP configuration parameters and PDP configuration parameters that where and in which files these will go? Could you kindly clear these things to me? Warm regards, -Jan Muhammad -----Original Message----- From: Tom Scavo [mailto:[email protected]] Sent: Thu 29/01/2009 15:11 To: Jan Muhammad Cc: Alan Sill; [email protected] Subject: Re: [gt-user] VOMS Cookbook for Protecting GT4 Services![MESSAGE NOT SCANNED] On Tue, Jan 27, 2009 at 11:18 AM, Jan Muhammad <[email protected]> wrote: > > What are the Pre-requisite for VOMS setup? > VOMS components to Install (PIP/PDP)---- This is almost there in documents > sent on gt-user list. > Where to store VOMS Server generated attributes (MySQL or local File > System) Unless I'm misunderstanding you, only the middle question seems relevant to this globus mailing list. If the documents in the wiki are not sufficient to get you started, please let us know what is missing and we'll try to provide it. > For example I need VOMS protection for Globus 4.0.4 services(e.g > MathService) running in the globus conatiner; I can protect these services > with GSI (Message and Transport Level security). Now I want to > implement/extend the GSI to VOMS (specifically GT4.0.4 Service). This is precisely what is described in the wiki. Can you elaborate what about that documentation is not clear? Tom -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
