Authentication mechanisms v0.2
Guy Rixon
gtr at ast.cam.ac.uk
Mon Apr 10 12:07:14 PDT 2006
Hi,
I've uplaoded to the GWS-WG wiki wprking draft v0.2 of the
authentication-mechanisms standard (this is the document previously called
"message protocols"). This captures (I hope!) what we agreed at Kyoto and
reaffirmed in Spain, and adds a lot of rather dry but necessary detail that I
picked up during protoyping.
There are a few unresolved points on which I'd appreciate guidance. And feel
free to rubbish the whole thing if you think I've got it wrong. :)
I'm working on a prototype implementation in Java. I hope to have it going for
demonstration in Victoria. if anybody can cook up a second, interoperable
prototype, then we will finally be clear to go to PR.
In respect of prototyping, beware! We have agreed to use Globus-style
certificate chains (RFC3820 and dicussed in my document). Very few current
implementations of WS-Security actual implement RFC3820. Most implementations
choke on RFC3820 certificate-chains, producing unhelpful messages. Therefore,
you need to add code at a low level when constructing a prototype out of
3rd-party components.
Cheers,
Guy
Guy Rixon gtr at ast.cam.ac.uk
Institute of Astronomy Tel: +44-1223-337542
Madingley Road, Cambridge, UK, CB3 0HA Fax: +44-1223-337523
More information about the grid
mailing list