GT Security (GSI)

Security tools are concerned with establishing the identity of users or services (authentication), protecting communications, and determining who is allowed to perform what actions (authorization), as well as with supporting functions such as managing user credentials and maintaining group membership information.

Note: GT 4.0.1 introduce the SweGrid Accounting System (SGAS) tech preview.

The following is information about this component for different versions of the Globus Toolkit:

Security in GT4

Security in GT 4.0

GT4 provides distinct WS and pre-WS authentication and authorization capabilities. Both build on the same base, namely standard X.509 end entity certificates and proxy certificates, which are used to identify persistent entities such as users and servers and to support the temporary delegation of privileges to other entities, respectively.

GT4’s WS security includes:

  • Message-level Security mechanisms, which implement the WS-Security standard and the WS-SecureConversation specification to provide message protection for GT4’s SOAP messages
  • Transport-level Security mechanisms, which uses transport-level security (TLS) mechanisms; and
  • an Authorization Framework that allows for a variety of authorization schemes, including a “grid-mapfile” access control list , an access control list defined by a service, a custom authorization handler, and access to an authorization service via the SAML protocol.

For non-WS components, GT4 provides similar authentication, delegation, and authorization mechanisms, although with fewer authorization options.

Security in GT3

Security in GT 3.2

Security in GT 3.0

Note: GT 3.0 is no longer supported.

Security in GT2

Note: GT 2.x is no longer supported.

Security in GT 2.4