Skip to Content.
Sympa Menu

perfsonar-user - Re: [perfsonar-user] Authentication and Authorization services?

Subject: perfSONAR User Q&A and Other Discussion

List archive

Re: [perfsonar-user] Authentication and Authorization services?


Chronological Thread 
  • From: Jeff W.Boote <>
  • To: Daniel Ryushin <>
  • Cc:
  • Subject: Re: [perfsonar-user] Authentication and Authorization services?
  • Date: Mon, 25 Jan 2010 10:48:57 -0700

Daniel,

Different services provide different kinds of functionality. To some extent because of this, authorization decisions will be distributed out to each service to decide.

That said, there is a placeholder in the architecture for an AuthZ service. The intended use of an AuthZ service would be to allow a given set of deployments to centralize the administration of some of the authZ decision. For example, a domain that deployed several bwctlMPs might want to centralize the rules about who can access all of the deployed MPs.

However, I'm unaware of this part of the architecture actually having been realized in a production deployment yet. (Most groups simply use rsync or something similar to keep a centralized configuration up to date and pushed out to groups of services.) If anyone has been working on something like this, I would love to hear about it.

jeff

On Jan 25, 2010, at 7:22 AM, Daniel Ryushin wrote:

Hello there,

I know perfsonar has an authentication service, where you can authenticate computers within the ones allowed to access other services.

But what about an authorization service? I would like to know if it's possible to allow/deny different users (on any machine) to access other services.

Didn't find any information about this on the perfsonar web page.

Thanks in advance,

Daniel.




Archive powered by MHonArc 2.6.16.

Top of Page