<?xml version="1.0" standalone="yes" ?>
<!DOCTYPE bugzilla SYSTEM "http://bugzilla.globus.org/bugzilla/bugzilla.dtd">

<bugzilla version="3.2.3"
          urlbase="http://bugzilla.globus.org/bugzilla/"
          maintainer="bacon@mcs.anl.gov"
>

    <bug>
          <bug_id>6542</bug_id>
          
          <creation_ts>2008-11-14 09:12</creation_ts>
          <short_desc>Modify Delegation Service/Resource authorization to be configurable</short_desc>
          <delta_ts>2008-11-14 09:50:15</delta_ts>
          <reporter_accessible>1</reporter_accessible>
          <cclist_accessible>1</cclist_accessible>
          <classification_id>1</classification_id>
          <classification>Unclassified</classification>
          <product>Delegation Service</product>
          <component>Campaign</component>
          <version>4.2.1</version>
          <rep_platform>PC</rep_platform>
          <op_sys>Windows XP</op_sys>
          <bug_status>NEW</bug_status>
          
          
          
          
          <keywords>OSG/EGEE_Authz_Interop</keywords>
          <priority>P3</priority>
          <bug_severity>normal</bug_severity>
          <target_milestone>---</target_milestone>
          
          
          
          <everconfirmed>1</everconfirmed>
          <reporter name="Rachana Ananthakrishnan">ranantha@mcs.anl.gov</reporter>
          <assigned_to name="Rachana Ananthakrishnan">ranantha@mcs.anl.gov</assigned_to>
          <cc>bester@mcs.anl.gov</cc>
          <cc>childers@mcs.anl.gov</cc>
          <cc>franks@mcs.anl.gov</cc>
          <long_desc isprivate="0">
            <who name="Rachana Ananthakrishnan">ranantha@mcs.anl.gov</who>
            <bug_when>2008-11-14 09:12:03</bug_when>
            <thetext>Definition: Modify Delegation Service and resource to provide configurable authorization and remove dependency on GridMap authorization. Test against an external authorization service, GUMS. Details on current infrastructure and requirements are described here: http://docs.google.com/Doc?id=dfkt44p2_5djmh6dgs

1. Delegation Resource should allow for a configurable resource security descriptor, such that the authorization mechanism can be configured. This requires changes to the Delegation Home, to set up the configured authorization and policy during resource creation.

2. The dependency on the presence of a GridMap object should be removed. Use of GridMap authorization as resource authorization should be the default configuration for backwards compatibility.

3. Test scenario:
- Delegation Factory Service configured with Delegation Service PIPs and XACML Authorization Callout PDP to talk to GUMS
- Delegation resources configured with Access Control List of DN used to create the delegated resource.
- Client 1 and Client 2 mapped to same local account in GUMS server. 
- Client 1 delegates a credential
- Client 2 attempts to destroy the credential, should fail
- Client 1 should be able to refresh and destroy the credential.

5. Merge code to 4.2 branch and trunk

6. Documentation update</thetext>
          </long_desc>
      
      

    </bug>

</bugzilla>