perfSONAR User Q&A and Other Discussion

[Jeff W.Boote <>]

Daniel,

Different services provide different kinds of functionality. To some  
extent because of this, authorization decisions will be distributed  
out to each service to decide.

That said, there is a placeholder in the architecture for an AuthZ  
service. The intended use of an AuthZ service would be to allow a  
given set of deployments to centralize the administration of some of  
the authZ decision. For example, a domain that deployed several  
bwctlMPs might want to centralize the rules about who can access all  
of the deployed MPs.

However, I'm unaware of this part of the architecture actually having  
been realized in a production deployment yet. (Most groups simply use  
rsync or something similar to keep a centralized configuration up to  
date and pushed out to groups of services.) If anyone has been working  
on something like this, I would love to hear about it.

jeff

On Jan 25, 2010, at 7:22 AM, Daniel Ryushin wrote:

> Hello there,
>
> I know perfsonar has an authentication service, where you can  
> authenticate computers within the ones allowed to access other  
> services.
>
> But what about an authorization service? I would like to know if  
> it's possible to allow/deny different users (on any machine) to  
> access other services.
>
> Didn't find any information about this on the perfsonar web page.
>
> Thanks in advance,
>
> Daniel.