OGSA-DAI data resource authorization is based on the notion of an OGSA-DAI security context, which contains information about a client, for example the caller's distinguished name. Security contexts are typically constructed at an OGSA-DAI presentation layer. The information they can contain is presentation layer or application specific.
The OGSA-DAI framework is aware of security contexts - these are a property of invocations of OGSA-DAI operations - but makes no assumptions as to their content. Such assumptions can be restricted to application-specific authorization components (such as login providers).
A security context must implement the interface:
uk.org.ogsadai.authorization.SecurityContext
This interface provides no methods. It is simply a marker interface that marks a class as being a security context.
The default GT security context implements the following interfaces:
uk.org.ogsadai.authorization.SecurityContext
uk.org.ogsadai.authorization.DistinguishedNameProvider
uk.org.ogsadai.authorization.GSSCredentialProvider
The DistinguishedNameProvider interface provides the following method that can be used to obtain the distinguished name of the caller (if it is available):
String getDN();
The GSSCredentialProvider interface provides the following method that can be used to obtain the GSS credential of the caller (if it is available):
GSSCredential getGSSCredential();
The GSSCredential will only be available if the caller has used secure conversation with delegation to pass the credential to the server.
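The following is an added example, not code from OGSA-DAI, showing how an application-specific authorization component can consume a security context without assuming its content. The nested interfaces are stand-ins for the uk.org.ogsadai.authorization types named above. DnAllowListAuthorizer, SampleContext and the sample DN are hypothetical. Treating "not available" as a null return, and GSSCredential being org.ietf.jgss.GSSCredential, are assumptions.

```java
import java.util.Set;
import org.ietf.jgss.GSSCredential;

public class SecurityContextDemo {
    // Stand-ins mirroring the interfaces named on this page so the file compiles
    // alone; real code would import them from uk.org.ogsadai.authorization.
    interface SecurityContext {}
    interface DistinguishedNameProvider { String getDN(); }
    interface GSSCredentialProvider { GSSCredential getGSSCredential(); }

    // Hypothetical helper, not an OGSA-DAI class: allow-list check on caller DN.
    static final class DnAllowListAuthorizer {
        private final Set<String> allowedDNs;

        DnAllowListAuthorizer(Set<String> allowedDNs) {
            this.allowedDNs = Set.copyOf(allowedDNs);
        }

        // Fail closed: a context that is only a marker, or whose DN is
        // unavailable (assumed to be a null return), is never authorized.
        boolean isAuthorized(SecurityContext ctx) {
            if (!(ctx instanceof DistinguishedNameProvider)) return false;
            String dn = ((DistinguishedNameProvider) ctx).getDN();
            return dn != null && allowedDNs.contains(dn);
        }

        // True only if the context exposes a credential and one was delegated.
        static boolean hasDelegatedCredential(SecurityContext ctx) {
            return ctx instanceof GSSCredentialProvider
                && ((GSSCredentialProvider) ctx).getGSSCredential() != null;
        }
    }

    // Constructed sample context: has a DN, but no credential was delegated.
    static final class SampleContext
            implements SecurityContext, DistinguishedNameProvider, GSSCredentialProvider {
        public String getDN() { return "/O=Example/OU=Test/CN=Constructed User"; }
        public GSSCredential getGSSCredential() { return null; }
    }

    public static void main(String[] args) {
        DnAllowListAuthorizer authz =
            new DnAllowListAuthorizer(Set.of("/O=Example/OU=Test/CN=Constructed User"));
        System.out.println("listed DN: " + authz.isAuthorized(new SampleContext()));
        System.out.println("marker-only context: " + authz.isAuthorized(new SecurityContext() {}));
        System.out.println("delegated credential: "
            + DnAllowListAuthorizer.hasDelegatedCredential(new SampleContext()));
    }
}
```

Because SecurityContext is only a marker, the component tests for each provider interface before casting and denies access when the expected information is missing.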