40 likes | 153 Views
GridSite and G-HTTPS update. Andrew McNab, University of Manchester mcnab@hep.man.ac.uk. GridSite 0.3/fileGridSite => GridSite 0.9. GridSite manages access to websites and HTTP(S) fileservers Users and admins load GSI cert + key into unmodified web browsers
E N D
GridSite and G-HTTPS update Andrew McNab, University of Manchester mcnab@hep.man.ac.uk
GridSite 0.3/fileGridSite => GridSite 0.9 • GridSite manages access to websites and HTTP(S) fileservers • Users and admins load GSI cert + key into unmodified web browsers • GridSite used by EDG Testbed website, GridPP and e-Science ETF + Level 2 Grid support websites in the UK. • ACLs control read and write access to files and directories • Write access either by HTML forms (interactive) or HTTP PUT / DELETE (programmatic) • GridSite 0.9 merges interactive GridSite 0.3 functionality with programmatic functionality of fileGridSite. • Basic access control, page formatting and PUT/DELETE now done by Apache module: mod_gridsite. • Standalone grst-admin.cgi and grst-proxy.cgi provide site admin and G-HTTPS (delegation and 3rd party transfer) support. • Can host websites, fileserving and Grid/Web Services on same server.
(Red = As of 17/Feb/03, not yet implemented.) GridSite 0.9 architecture grst-admin.cgi: page editing, file upload, ACL editing etc. grst-proxy.cgi: G-HTTPS, 3rd party COPY, proxy GET + PUT mod_gridsite: .html headers and footers .shtml, mod_perl CGI, PHP mod_jk: JSP with Tomcat mod_gridsite: PUT, DELETE, MOVE mod_gridsite: GACL access control + GACL > env vars HTTP mod_ssl: plain HTTPS > env vars mod_ssl-GSI: HTTPS with GSI+VOMS+CAS> env vars
G-HTTPS • grst-proxy.cgi now has example G-HTTPS implementation • (previously in fileGridSite) • GET-PROXY-REQ and PUT-PROXY-CERT for delegation • COPY between remote HTTPS host and webserver using delegated proxy • grst-proxy-put command line tool • real work for the above done by functions in libgridsite, built directly on OpenSSL: C/C++ API to appear. • G-HTTPS spec exists in draft form • see post to wp7-security list • Negotiated a 15 minutes slot about HTTPS extensions in GGF Data Transport RG meeting => some kind of document; more people.