[gridshib-user] GridShib Installation testbed
giulio.galiero at eng.it
Wed Aug 8 11:33:58 CDT 2007
Ok! Very good, I apologize if I wasn't so clear in the previous mail. At
the moment we don't have any major constraint about which GT version to
use: then, GT4.1+ seems the better choice.
By the way, comparing Tim's mail...
>>> As Tom explains, there is GT4.0 support for this permit-overrides
>>> VOMS/SAML behavior in GridShib for GT and it is on the roadmap to
>>> include this in subsequent versions.
>>> In GT4.1+ you can configure the authorization chain to do this
>>> without any explicit support from GridShib for GT (which can be
>>> configured as a PDP alongside VOMS in the permit-overrides chain).
...and Tim's mail...
> The answer is yes, with the qualifications that Tim outlined
> previously. Currently, the best solution leverages GT4.1+. Starting
> in GT4.1, the authz framework uses a permit-overrides combining
> algorithm by default, so all you have to do is introduce both the VOMS
> PDP and the GridShibPDP into the authz chain and you're done. As it
> stands today, each has its own policy configuration file, so that's a
> bit of a pain, but not terribly so.
...I can't understand if GridShib4GT is necessary or not if I'm using
GT4.1+ (Could I just add a PDP for SAML in the authZ chain and that's it?)
The possibility to use both VOMS and SAML for authZ sounds like a very
interesting opportunity, and we are thinking of setting up a testbed in
our lab to start with a very basic example.
We'd really appreciate if you guys could support us in the
configuration/testing activities. Could you give us references
(tutorials/howtos) or whatever you could think is helpful.
PS: could be a useful to start from "GridShib for Globus Toolkit -
and the integrate it with VOMS installation/configuration?
More information about the gridshib-user