Appendix I. Appendix - Plug-in policy information points (PIPs) for OGSA-DAI GT authorization

I.1. Differences between GT4.0 and GT4.2 PIP implementations
I.2. DN PIP
I.3. Resource ID PIP
I.4. Workflow resource IDs PIP

OGSA-DAI provides the following policy information points (PIPs) that can be used within a Globus Toolkit authorization chain.

PIP                         Description
DN PIP                      Obtains the distinguished name (DN) of the caller.
Resource ID PIP             Obtains the ID of the resource the request is targeted at.
Workflow Resource IDs PIP   Obtains the IDs of the resources targeted by activities in an OGSA-DAI workflow.

I.1. Differences between GT4.0 and GT4.2 PIP implementations

Unlike GT 4.0 PIPs, GT 4.2 PIPs implement the interface:

org.globus.security.authorization.BootstrapPIP

For further information, please see the Globus documentation for this interface.

Our GT 4.0 PIPs have a method, collectAttributes, which returns null.

Our GT 4.2 PIPs instead have a method, collectRequestAttributes, which returns a RequestEntities object that is used in the GT 4.2 security framework.

Note: GT 4.2 PIPs cannot run in GT 4.0 and vice versa. While the behaviour is the same, the interfaces and implementations differ.

I.2. DN PIP

The DN PIP obtains the distinguished name (DN) of the caller.

  • Class: uk.org.ogsadai.service.gt.security.authorization.DNPIP
  • Parameters: none.
  • Output: Adds a new property to the Axis MessageContext
    • Property name: uk.org.ogsadai.authz.DN
    • Property value: String containing the DN.

I.3. Resource ID PIP

The Resource ID PIP obtains the ID of the resource the request is targeted at.

  • Class: uk.org.ogsadai.service.gt.security.authorization.ResourceIDPIP
  • Parameters: none.
  • Output: Adds resource IDs (as uk.org.ogsadai.resource.ResourceID) to a set held in a property in the Axis MessageContext. If the property does not exist then it is added:
    • Property name: uk.org.ogsadai.authz.ResourceIDs
    • Property value: java.util.Set containing uk.org.ogsadai.resource.ResourceID objects.

I.4. Workflow resource IDs PIP

The Workflow Resource IDs PIP obtains the IDs of the resources targeted by activities in an OGSA-DAI workflow.

  • Class: uk.org.ogsadai.service.gt.security.authorization.WorkflowResourceIDsPIP
  • Parameters: none.
  • Output: Adds resource IDs (as uk.org.ogsadai.resource.ResourceID) to a set held in a property in the Axis MessageContext. If the property does not exist then it is added:
    • Property name: uk.org.ogsadai.authz.ResourceIDs
    • Property value: java.util.Set containing uk.org.ogsadai.resource.ResourceID objects.
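
The following added example (not OGSA-DAI or Globus code) shows how a decision point could consume the properties listed above with a deny-by-default check. Because the Resource ID PIP and the Workflow Resource IDs PIP add to the same set, the check covers every resource the workflow targets. Assumptions: a plain Map stands in for the Axis MessageContext properties, Strings stand in for uk.org.ogsadai.resource.ResourceID, and the class name, ACL shape, DN and resource names are hypothetical, constructed samples.

```java
import java.util.*;

public class PipOutputCheck {
    static final String DN_PROP = "uk.org.ogsadai.authz.DN";
    static final String IDS_PROP = "uk.org.ogsadai.authz.ResourceIDs";

    // Stand-in for the output step of the two resource ID PIPs:
    // add to the shared set, creating the property if it does not exist.
    static void addResourceIds(Map<String, Object> ctx, Collection<String> ids) {
        @SuppressWarnings("unchecked")
        Set<String> set = (Set<String>) ctx.get(IDS_PROP);
        if (set == null) {
            set = new HashSet<>();
            ctx.put(IDS_PROP, set);
        }
        set.addAll(ids);
    }

    // Hypothetical policy: acl maps a caller DN to the resource IDs it may use.
    static boolean permit(Map<String, Object> ctx, Map<String, Set<String>> acl) {
        Object dn = ctx.get(DN_PROP);
        Object ids = ctx.get(IDS_PROP);
        // Fail closed if a PIP did not run or left an unexpected type behind.
        if (!(dn instanceof String) || !(ids instanceof Set)) return false;
        Set<?> requested = (Set<?>) ids;
        if (requested.isEmpty()) return false;
        Set<String> allowed = acl.getOrDefault((String) dn, Collections.emptySet());
        // Every targeted resource must be allowed, not only the request target.
        return allowed.containsAll(requested);
    }

    public static void main(String[] args) {
        String dn = "/C=UK/O=Example/CN=Constructed User"; // constructed sample DN
        Map<String, Set<String>> acl = new HashMap<>();
        acl.put(dn, new HashSet<>(Arrays.asList("RequestTarget", "ResourceA")));

        Map<String, Object> ctx = new HashMap<>();
        ctx.put(DN_PROP, dn);                                   // as the DN PIP would
        addResourceIds(ctx, Arrays.asList("RequestTarget"));    // as the Resource ID PIP would
        System.out.println("request target only: " + permit(ctx, acl));

        // As the Workflow Resource IDs PIP would: ResourceB is not in the ACL.
        addResourceIds(ctx, Arrays.asList("ResourceA", "ResourceB"));
        System.out.println("with workflow targets: " + permit(ctx, acl));

        // No PIP output at all: the check denies rather than defaulting to permit.
        System.out.println("empty context: " + permit(new HashMap<>(), acl));
    }
}
```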