Bugzilla – Bug 6520
Modify WS GRAM resource authorization to be configurable
Last modified: 2012-09-05 13:39:04
Definition: Modify WS GRAM services and resource to provide configurable authorization and remove dependency on GridMap authorization. Test against an external authorization service, GUMS. Details on current infrastructure and requirements are described here: http://docs.google.com/Doc?id=dfkt44p2_5djmh6dgs

Tasks:

1. Managed Job Resources should allow for configurable resource security descriptor, such that authorization mechanism can be configured. This requires changes to the Managed Job Home, to set up the configured authorization and policy during resource creation.
2. Dependency on presence of GridMap object should be removed and presence of a local account mapping in peer subject should be the only requirement.
3. Use of GridMap authorization as resource authorization should be default configuration for backwards compatibility.
4. Test scenario:
   - WS GRAM factory configured with Execution Service PIPs and XACML Authorization Callout PDP to talk to GUMS
   - WS GRAM resources configured with Execution Service PIPs and two PDPs: XACML Authorization Callout PDP to talk to GUMS and Local Account Access Control PDP. Authorization decision involves obtaining mapping from GUMS and validating presence in the Local Account Access Control PDP.
   - Client 1 and Client 2 mapped to same local account in GUMS server.
   - Client 1 creates a job.
   - Client 2 queries and destroys the job.
5. Merge code to 4.2 branch and trunk
6. Documentation update
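The test scenario in task 4, modelled as an added example (not code from this bug report or from the Globus Toolkit). All function names, the DNs, the in-memory GUMS table and the rule that every PDP in a chain must permit are assumptions made for illustration.

```python
# Constructed model of the task 4 scenario; hypothetical names, not Globus APIs.
from dataclasses import dataclass, field

PERMIT, DENY = "Permit", "Deny"

# Constructed stand-in for the GUMS server: subject DN -> local account.
GUMS_MAPPINGS = {
    "/O=Grid/CN=Client 1": "griduser",
    "/O=Grid/CN=Client 2": "griduser",
    "/O=Grid/CN=Client 3": "otheruser",
}

@dataclass
class Peer:
    dn: str
    local_accounts: set = field(default_factory=set)  # filled in by the callout

def gums_callout_pdp(peer, job_account=None):
    """Callout stand-in: permit only if GUMS maps the DN, and record the mapping."""
    account = GUMS_MAPPINGS.get(peer.dn)
    if account is None:
        return DENY
    peer.local_accounts.add(account)
    return PERMIT

def local_account_pdp(peer, job_account):
    """Permit only if the peer subject carries the account the job runs as."""
    return PERMIT if job_account in peer.local_accounts else DENY

def authorize(peer, chain, job_account=None):
    """Assumed combining rule: every PDP must permit; stop at the first Deny."""
    for pdp in chain:
        if pdp(peer, job_account) != PERMIT:
            return DENY
    return PERMIT

FACTORY_CHAIN = [gums_callout_pdp]                      # job creation
RESOURCE_CHAIN = [gums_callout_pdp, local_account_pdp]  # query / destroy

def create_job(dn):
    peer = Peer(dn)
    if authorize(peer, FACTORY_CHAIN) != PERMIT:
        return None
    return {"creator": dn, "account": next(iter(peer.local_accounts))}

def destroy_job(dn, job):
    return authorize(Peer(dn), RESOURCE_CHAIN, job["account"])
```

In this model the resource decision depends on the mapped local account rather than on the creator's DN, and the local account check fails closed when no mapping has been placed in the peer subject first.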
Doing some Bugzilla cleanup... Resolving old GRAM3 and GRAM4 issues that are no longer relevant since we've moved on to GRAM5. Also, we're now tracking issues in Jira. Any new issues should be added here: http://jira.globus.org/secure/VersionBoard.jspa?selectedProjectId=10363