Re: [gt-user] Globus Toolkit 4.2.1 and the XACML PDP Callout...

Mon, 18 Oct 2010 09:44:34 -0700 

Hi again,

indeed after working with the XACML and Globus a few questions arouse, as I
assumed. I just explain what exactly I am planning to do:

The XACML service I want to access (via the Globus XACML callout) for every
Globus resource that is requested takes three parameters as input and responds
with a simple "DENY" or "ALLOW":

It takes the subject DN, the grid resource and the action as parameters, and
that are exactly the parameters the ServiceAccessPIP is supposed to gather,
isn't it? They would be (taken from
http://www.globus.org/toolkit/docs/4.2/4.2.1/security/wsaajava/pip/wsaajava-pip-serviceAccess.html):

The Subject DN of the client
(org.globus.wsrf.impl.security.authorization.XACMLConstants.SUBJECT_X509_ID),
the Local part of the operation being invoked
(org.globus.wsrf.impl.security.authorization.XACMLConstants.ACTION_ID), and
the String representation of the EPR contacted by the client
(org.globus.wsrf.impl.security.authorization.XACMLConstants.RESOURCE_ID)

My questions now is: Where exactly would I have to configure this three
parameters to send to our XACML service for every resource the Globus users
are requesting via GridFTP? As I assume, that would be no custom logic then?

Thanks a lot for all your help!

All the best.
*fu*


Am 20.09.10 16:57, schrieb Rachana Ananthakrishnan:
>>> - Is it possible to use the PIPs and PDPs just by configuring or do I
>>> have to implement the functionality myself?
> 
> If the PIP or PDP is shipped out of the box, like the XACML one, or any of
> the others listed here 
> http://www.globus.org/toolkit/docs/4.2/4.2.1/security/wsaajava/pdp/, you 
> should be able to just configure it and not implement anything. If you
> want custom logic in your PDPs and PIPs, you can implement the interface
> and configure it in.


-- 
-----------------------------------------------------------------------
Stefan E. Funk
DAASI International GmbH             Phone DAASI :    +49 7071 407109-6
Europaplatz 3                          Phone SUB :      +49 551 39-7700
D-72072 Tübingen                           Email : [email protected]
Germany                                      Web :  http://www.daasi.de

Directory Applications for Advanced Security and Information Management
-----------------------------------------------------------------------

Reply via email to