Skip to Content.
Sympa Menu

shibboleth-dev - Re: Sub: Web Portal + Shibboleth possibility ???

Subject: Shibboleth Developers

List archive

Re: Sub: Web Portal + Shibboleth possibility ???


Chronological Thread 
  • From: "Venkata Krishna Ravula" <>
  • To:
  • Subject: Re: Sub: Web Portal + Shibboleth possibility ???
  • Date: Tue, 28 Nov 2006 12:38:33 -0600
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=RDA99P9pIcgrHDzdc9zgmxyglozaAhRQKQitbz8tbRLiZb8z73FAkgnzg21KNJmUEHGhakJmckmArZGTsGJHmh12Lezx4EeiAWH127yKlqJ2IX/Esb7I7o90FoGKxbkdz76Q+XVXRDbIOBUGHC1H6FO6LGPjxBD43qqaQDQ2usw=

Hi Tom,
 
             appreciate your response. Firstly, my apologies on being unclear about the issue. Let me explain the scenario in steps:
 
Step 1: User goes onto the web-portal  to request a particular service
 
Step 2: User is then authenticated  and authorized using Shibboleth ( Globus is not involved here )
 
Step 3:  On positive credentials, the portal now communicates with the Globus ToolKit.(Shibboleth is not involved anymore hereafter)
 
Step 4: Portal requests for a service from the Globus ToolKit.
 
Step 5: Globus assumes that if the Portal requests a service then it simply is right in its asking. ( I mean the Globus simply trusts the  
           Portal) [ This is where I am unable to figure as to how to make this happen  and also if this a feasible implementation ]
 
Step 6: Globus provides the service/ resource.
 
I hope I broke down the problem into simpler terms. Incase of any confusion, yet do please let me know.
 
Appreciate all your time and effort.
 
Regards
 
Venkata 

 
On 11/28/06, Tom Scavo <> wrote:
Hi Venkat,

On 11/27/06, Venkata Krishna Ravula <> wrote:
>
> Now I guess the whole question is to make the portal once authenticated with
> proper credentials to be trusted by the Globus tool kit. This is where the
> entire scenario revolves. How to make the portal to be trusted by the GTK
> after authenticated by Shibboleth ? Any suggestions would be greatly
> appreciated.

It's not exactly clear what you're after, so if you could elaborate a
bit on what you want to do once the user has authenticated to the
portal, that would help.

As I mentioned earlier, there are grid portals in production today
that request grid services on behalf of the user.  The portal may or
may not be shib-enabled, that's mostly irrelevant.  The grid service
trusts the portal to make requests on behalf of the user.  The portal
possesses a "community credential" for this purpose.

Cheers,
Tom




Archive powered by MHonArc 2.6.16.

Top of Page