What I did in 2003
Shiv Kaushal, University of Manchester
shiv@hep.man.ac.uk

Gridsite
• What is Gridsite?
  • Set of tools for using GRID certificates over HTTP(S)
  • Extension to Apache web server
  • Files or web pages
• Areas of Interest
  • Website management
  • Security

Website Management
• Edit pages “On the fly”
• Various other operations:
  • Delete/rename/edit files & directories
  • Define groups
  • Delegate control of sections of a site to others

Security
• Access control done through GRID certificates and GACL
  • Can be loaded into most web browsers
  • Uniquely identifies you
  • No need to remember usernames and passwords
• Access Control List (ACL) files can become difficult to read and edit
  • Web-based editor built into Gridsite

Example GACL File

<?xml version="1.0"?>
<gacl version="0.0.1">
  <entry>
    <person>
      <dn>/C=UK/O=eScience/OU=Manchester/L=HEP/CN=shiv kaushal</dn>
    </person>
    <allow><read/><exec/><list/><write/><admin/></allow>
  </entry>
  <entry>
    <dns>
      <hostname>*.hep.man.ac.uk</hostname>
    </dns>
    <allow><read/><exec/><list/></allow>
  </entry>
  <entry>
    <person>
      <dn>O=Grid/O=UKHEP/OU=hep.man.ac.uk/CN=Andrew McNab</dn>
    </person>
    <allow><read/><exec/><list/><write/><admin/></allow>
  </entry>
  <entry>
    <dns>
      <hostname>*.some.unfreindly.site</hostname>
    </dns>
    <deny><read/><exec/><list/><write/><admin/></deny>
  </entry>
  <entry>
    <dn-list>
      <url>https://pc78.hep.man.ac.uk/dn-lists/banned</url>
    </dn-list>
    <deny><read/><exec/><list/><write/><admin/></deny>
  </entry>
</gacl>

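How a file like this resolves to a permission set for one client, as an added example that is not part of the original slides or of Gridsite's own code. It assumes that an entry applies only when every credential in it matches, that any matching deny overrides an allow, and that hostnames use shell-style wildcards; cred_matches, effective_perms and the dn_lists argument (already-fetched DN lists keyed by URL) are hypothetical names.

```python
import fnmatch
import xml.etree.ElementTree as ET

# Constructed sample: a shortened ACL in the same format as the slide's file.
BANNED_URL = "https://pc78.hep.man.ac.uk/dn-lists/banned"
SAMPLE_GACL = """<?xml version="1.0"?>
<gacl version="0.0.1">
  <entry>
    <person><dn>/C=UK/O=eScience/OU=Manchester/L=HEP/CN=shiv kaushal</dn></person>
    <allow><read/><exec/><list/><write/><admin/></allow>
  </entry>
  <entry>
    <dns><hostname>*.hep.man.ac.uk</hostname></dns>
    <allow><read/><exec/><list/></allow>
  </entry>
  <entry>
    <dn-list><url>https://pc78.hep.man.ac.uk/dn-lists/banned</url></dn-list>
    <deny><read/><exec/><list/><write/><admin/></deny>
  </entry>
</gacl>"""

def cred_matches(cred, dn, hostname, dn_lists):
    """Check one credential element against the client's DN and hostname."""
    def text(tag):
        return (cred.findtext(tag) or "").strip()
    if cred.tag == "person":
        return text("dn") == dn
    if cred.tag == "dns":  # assumption: shell-style wildcard, case-insensitive
        return fnmatch.fnmatchcase(hostname.lower(), text("hostname").lower())
    if cred.tag == "dn-list":  # dn_lists: already-fetched {url: set of DNs}
        return dn in dn_lists.get(text("url"), ())
    return False  # unknown credential types never match (fail closed)

def effective_perms(gacl_xml, dn, hostname, dn_lists):
    """Assumed rule: union of matching allows minus union of matching denies."""
    allowed, denied = set(), set()
    for entry in ET.fromstring(gacl_xml).findall("entry"):
        creds = [c for c in entry if c.tag not in ("allow", "deny")]
        # Assumption: an entry applies only if every credential in it matches.
        if not creds or not all(cred_matches(c, dn, hostname, dn_lists) for c in creds):
            continue
        for block in entry.findall("allow"):
            allowed.update(p.tag for p in block)
        for block in entry.findall("deny"):
            denied.update(p.tag for p in block)
    return allowed - denied
```

Because denies are subtracted last, a DN on the banned list ends up with no permissions even when an earlier person or hostname entry allows it.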
2004
• Support for Gridsite
• Extend Gridsite to accept VOMS attributes
• Start investigating usage control