See http://gridshib.globus.org/ for news updates, several new items were just added.
Announce [2007-11-11]
Tom Scavo gives a presentation of a paper entitled A Grid Authorization Model for Science Gateways at the GCE07 Workshop at SC07.
Announce [2007-11-01]
The OASIS membership approves the Metadata Profile for the OASIS Security Assertion Markup Language (SAML) V1.x and the Metadata Extension for SAML V2.0 and V1.x Query Requesters as OASIS Standards. (GridShib implements both of these Standards.)
Announce [2007-10-31]
The OGSA Attribute Exchange Profile Version 1.0 is submitted to the OGF Authz-WG.
Announce [2007-10-12]
A paper by Tom Scavo and Von Welch entitled A Grid Authorization Model for Science Gateways has been accepted by the Grid Computing Environments (GCE) Workshop at SC07.
Announce [2007-10-01]
The GridShib SAML Tools have been integrated into the MAEViz portal.
Announce [2007-09-14]
The GridShib SAML Tools have been integrated into SimpleCred, a component of the SimpleGrid portal framework.
Tom Scavo writes on gridshib-dev:
Technology Preview 3 of GridShib for GT v0.6.0 introduces some significant new features:
- A single comprehensive PDP, the GridShibPDP
- Implementation of a new Attribute Aggregation Algorithm (push + pull)
- Dual support for both GT4.0 and GT4.1+
- Improved logging
This is in addition to features already introduced in previous versions of GridShib for GT:
- Support for both Attribute Push (NEW) and Attribute Pull
- Blacklisting of IP addresses (NEW)
- Attribute Mapping
- Attribute-based Authorization Policy
Read the whole announcement for more details!
The GridShib project has simultaneously released new versions of the GridShib CA and the GridShib SAML tools.
You can find the latest code and documentation links (including links to demos) here:
http://gridshib.globus.org/download.html
And here are the changelogs:
GridShib CA 0.4.0
GridShib SAML Tools 0.1.4
The GridShib Project is pleased to announce GridShib for GT v0.5.1, which is now available on the GridShib Downloads page:
http://gridshib.globus.org/download.html#gridshib-gt
For a detailed changelog of what is new in this release, see:
http://gridshib.globus.org/docs/gridshib-gt-0.5.1/admin-index.html#gridshib-gt-changelog
The major change in this release is support for using VOMS based authorization in conjunction with SAML attribute based authorization (authorization will be based on one or the other). If you are not interested in using VOMS, GridShib for GT will compile and run without needing to install the VOMS authorization library.
We are pleased to announce that an update of the VOMS authorization package is now available.
This library is for the GT4 Java core authorization framework. It allows VOMS certificates to be inspected and authorization decisions to be made based on the attributes.
The notable changes are:
- support for user account mappings from VOMS attributes
- compatibility with both GT4.0.x and GT4.1.0.
For information on downloads, installation, and configuration, see the VOMS page:
http://dev.globus.org/wiki/VOMS
Tom Scavo writes:
The GridShib Team is pleased to announce the availability of the
GridShib SAML Tools v0.1.3.
http://gridshib.globus.org/docs/gridshib-saml-tools-0.1.3/readme.html
Changes in this release include:
- added support for –ssoResponse command-line option
- fixed logging bug http://bugzilla.globus.org/globus/show_bug.cgi?id=4982
- fixed (UNIX) file permissions on scripts in bin/
- fixed CRLF on scripts and editable text files
- implemented web-based demo script https://computer.ncsa.uiuc.edu/gst-demo/
To see the GridShib SAML Tools in action, please try out our new demo app:
https://computer.ncsa.uiuc.edu/gst-demo/
The source code used to implement this demo is bundled with the SAML
Tools. As always, you can download the SAML Tools and other software
components from the GridShib Downloads page:
http://gridshib.globus.org/download.html
This 70 page PDF Implementing Persistent Identifiers is a nice overview of identifier schemes.
Chapter 4 is about The Handle System which has been integrated with Globus and is also now a dev.globus incubator project. It provides a powerful set of secure identifier/metadata resolution and administration tools for grids.
The report’s concluding chapter makes no specific implementation recommendation, one of the main reason’s being that “none of these systems ensure persistence: persistence can only be achieved by administrative commitment.”
