Difference between revisions of "GCube Security Model"
From Gcube Wiki
| Line 2: | Line 2: | ||
==Authentication Model== | ==Authentication Model== | ||
| − | The DILIGENT Security | + | The DILIGENT Security uses PKI mechanisms to authenticate identities acting in the infrastructure. |
==Authentication Mechanism== | ==Authentication Mechanism== | ||
| Line 11: | Line 11: | ||
==The DL context== | ==The DL context== | ||
| − | Each | + | Each service |
==Identity of services acting in a Single DL== | ==Identity of services acting in a Single DL== | ||
==Identity of services acting in mutiple DLs== | ==Identity of services acting in mutiple DLs== | ||
Revision as of 15:34, 14 March 2007
This page describes the security model adopted in the DILIGENT infrastructure
Contents
Authentication Model
The DILIGENT Security uses PKI mechanisms to authenticate identities acting in the infrastructure.
Authentication Mechanism
The mechanism used in DILIGENT to authenticate service invocatons is the WS-SecureConversation one. The Java WS-Core container provides a built-in implementation of this standard called GSI-SecureConversation.
This choice is driven by the need to delegate caller credentials to invoked services. The HTTPS mechanism (also available in the Java-WS-Core) cannot interoperate with the GSI-SecureConversation one, thus preventing the exploiting of both mechanisms in the DILIGENT infrastructure. For this reason the HTTPS mechanism has been discarded.
The DL context
Each service
