Skip to Content.
Sympa Menu

perfsonar-dev - Some critical modifications to perfSONAR

Subject: perfsonar development work

List archive

Some critical modifications to perfSONAR


Chronological Thread 
  • From: Cándido Rodríguez Montes <>
  • To: Perfsonar Development List <>
  • Subject: Some critical modifications to perfSONAR
  • Date: Wed, 21 Mar 2007 13:09:19 +0100

Hi,
as most of you know, I've started to implement the authorization service (AS) in perfSONAR and it's not only to develop that service but it provides to perfSONAR services some classes for sending AS authorization requests.
Well, the AA team have decided some weeks ago to use Web Service Security (WS-SEC) standards for authorization purposes. At this time, the communication between perfSONAR clients and resources is through XML messages which are encapsulated by SOAP. But SOAP is composed by two main elements: SOAP headers and SOAP bodies. And those XML messages are included in a SOAP body.
But using WS-SEC, clients send to resources (and the same when resources send an authN request to the AS) include the security token, which is the information needed by the receiver to check the identity of the sender, in a SOAP header. And this implies some modifications in the perfSONAR architecture:
- In the svn branch 'branches/as', I've modified the class 'org.perfsonar.service.web.RequestHandler' so it can access all SOAP message. So in this way, we can check if clients have sent security token or not.
- But resources need to get the security token in case it has been sent. In the perfSONAR architecture, XML messages sent by clients are mapped to the class 'org.ggf.ns.nmwg.base.v2_0.Message' and then it passed to a message handler. Finally, the service receives the message when it's called the function 'takeAction(String actionType, Message request)'. In this scenary, it's not possible that services get the security token or check the SOAP header which contains the security token. So, I think that there are two possible solutions:
+ We can change the 'Message' class so it includes the security token if it's sent in the request.
+ We can change this presented workflow and change the function 'takeAction' to 'takeAction(String actionType, Message request, SecurityToken token)'.
+ Any other ideas?

What's your feeling about this?

--
Cándido Rodríguez Montes E-mail: 
Red.ES/RedIRIS Tel:+34 955 05 66 13
Edificio CICA
Avenida Reina Mercedes, s/n
41012 Sevilla
SPAIN






Archive powered by MHonArc 2.6.16.

Top of Page