MSO and multiple communities
Dave Morris
dave at ast.cam.ac.uk
Tue Jul 6 09:02:21 PDT 2004
Guy Rixon wrote:
>OK...in that case S only trusts a group warrant from C2 if the warrant
>names an individual account, at some Ci and S also trusts Ci. I.e., the group
>warrant can't say 'the bearer of the public key xyz is a member of group G';
>it has to say that 'the caller X is a member of group G provided that you
>can authenticate X as individual user I'. Possible, but we'd better be aware
>of the distinction.
>
>
Yep.
To call a service with identity I as a member of group G you would need
two warrants.
One from your home Community, Ch, to say 'this certifies the bearer is I'
One from the Community, Cg, that manages the members of group G to say
'this certifies I is a member of the group G'.
The service needs to trust both Ch and Cg.
This may sound like a lot of work for the service developer and service
provider.
However, a lot of it can be offloaded to a (local) Community.
If the service S trusts a (local) Community Cs, then when it receives
all of the warrants in a message, the service should be able to just
bung the whole lot at the local Community service Cs and ask it 'is this
lot valid ?'. The Community service can then work out the details,
checking the group memberships are signed correctly etc.
It means that if an institute provides multiple services, they only need
to assign the trust relationships in one place.
All of the local services trust Cs, and the administrator of Cs decides
if they trust other Communities, Cx and Cy.
Note, (local) is in brackets because it would normally be local to an
Institute, but it could be a remote Community managed by someone else.
Dave
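The arrangement Dave sketches above, as an added Python example that is not part of the original post or of any AstroGrid/IVOA code: an identity warrant from the home Community Ch, a membership warrant from the group Community Cg, and a service S that trusts only its local Community Cs and hands it the whole bundle to validate. The Community names are the thread's; the claim layout, the key values and the "bearer_key" variant are constructed for illustration, and an HMAC keyed per Community stands in for the public-key signature a real warrant would carry (the trust logic is the same either way). It also shows the case Guy raised: a group warrant that names a bearer key rather than an individual is rejected even when correctly signed.

```python
import hashlib
import hmac
import json

# Constructed, hypothetical signing keys for the Communities in the thread.
# Assumption: an HMAC with a per-Community key stands in for the public-key
# signature a real Community would put on a warrant.
COMMUNITY_KEYS = {
    "Ch": b"home-community-key-example",
    "Cg": b"group-community-key-example",
    "Cx": b"some-other-community-key-example",
}


def _canonical(claim):
    # Canonical encoding so issuer and verifier sign/check the same bytes.
    return json.dumps(claim, sort_keys=True, separators=(",", ":")).encode()


def issue_warrant(issuer, claim):
    """A Community signs a claim and hands the resulting warrant to the bearer."""
    sig = hmac.new(COMMUNITY_KEYS[issuer], _canonical(claim), hashlib.sha256).hexdigest()
    return {"issuer": issuer, "claim": claim, "sig": sig}


class LocalCommunity:
    """Cs: the one place an institute records which other Communities it trusts."""

    def __init__(self, trusted):
        self.trusted = set(trusted)

    def _signed_by_trusted(self, warrant):
        issuer = warrant["issuer"]
        if issuer not in self.trusted or issuer not in COMMUNITY_KEYS:
            return False
        expected = hmac.new(COMMUNITY_KEYS[issuer], _canonical(warrant["claim"]),
                            hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, warrant["sig"])

    def validate(self, warrants, identity, group):
        """Is `identity` a member of `group` according to these warrants? -> (ok, reason)"""
        good = [w["claim"] for w in warrants if self._signed_by_trusted(w)]
        # Warrant one: a trusted home Community certifies the bearer is I.
        if not any(c.get("type") == "identity" and c.get("subject") == identity for c in good):
            return False, "no identity warrant for %s from a trusted Community" % identity
        # Warrant two: a trusted Community certifies that I (the individual) is in G.
        memberships = [c for c in good
                       if c.get("type") == "membership" and c.get("group") == group]
        if any(c.get("subject") == identity for c in memberships):
            return True, "ok"
        if any("bearer_key" in c for c in memberships):
            # 'the bearer of key xyz is a member of G' cannot be tied to I; reject it.
            return False, "group warrant for %s names a bearer key, not an individual" % group
        return False, "no membership warrant binding %s to %s" % (identity, group)


class Service:
    """S: trusts only its local Community Cs and delegates every warrant check to it."""

    def __init__(self, local_community):
        self.cs = local_community

    def call(self, identity, group, warrants):
        ok, reason = self.cs.validate(warrants, identity, group)
        return "granted" if ok else "denied: " + reason


if __name__ == "__main__":
    cs = LocalCommunity(trusted={"Ch", "Cg"})   # administrator of Cs decides this once
    s = Service(cs)
    w_id = issue_warrant("Ch", {"type": "identity", "subject": "I"})
    w_grp = issue_warrant("Cg", {"type": "membership", "subject": "I", "group": "G"})
    w_bearer = issue_warrant("Cg", {"type": "membership", "bearer_key": "xyz", "group": "G"})
    w_cx = issue_warrant("Cx", {"type": "membership", "subject": "I", "group": "G"})
    print(s.call("I", "G", [w_id, w_grp]))      # both warrants, both trusted
    print(s.call("I", "G", [w_grp]))            # no identity warrant
    print(s.call("I", "G", [w_id, w_bearer]))   # bearer-key group warrant
    print(s.call("I", "G", [w_id, w_cx]))       # Cx is not trusted by Cs
```

Adding a new trusted Community, or revoking one, is then a change to the `trusted` set held by Cs; none of the services behind it need to be touched, which is the point of Dave's "assign the trust relationships in one place".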
More information about the grid mailing list