/[pdpsoft]/trunk/grid-mw-security/ees/thesis/grid_auth.tex
ViewVC logotype

Diff of /trunk/grid-mw-security/ees/thesis/grid_auth.tex

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

revision 945 by aramv, Tue Oct 20 02:01:11 2009 UTC revision 946 by aramv, Tue Oct 20 12:26:31 2009 UTC
# Line 340  The plug-ins that LCAS executes must all Line 340  The plug-ins that LCAS executes must all
340    
341  \begin{description}  \begin{description}
342  %\item[Gridlist]{A plug-in that maps allowed users to pool accounts using the gridmapfile \cite{gridmapfile}}  %\item[Gridlist]{A plug-in that maps allowed users to pool accounts using the gridmapfile \cite{gridmapfile}}
343  \item[Timeslots]{A plug-in that makes authorization decisions based on the time of day a job request is received \cite{timeslots}}  \item[Timeslots]{A plug-in that makes authorization decisions based on the time of day a job request is received \cite{lcas_apidoc}}
344  \item[Userban]{A plug-in that checks a file that contains a list of Subject DNs of users to be banned from the site \cite{userban}}  \item[Userban]{A plug-in that checks a file that contains a list of Subject DNs of users to be banned from the site \cite{lcas_apidoc}}
345  \item[Userallow]{A plug-in that checks a file that contains a list of Subject DNs of users to be allowed to the site. \cite{userallow}}  \item[Userallow]{A plug-in that checks a file that contains a list of Subject DNs of users to be allowed to the site. \cite{lcas_apidoc}}
346  \item[Check executable]{A plug-in that checks if the executable requested is whitelisted by the service.}  \item[Check executable]{A plug-in that checks if the executable requested is whitelisted by the service.}
347  % TODO reference Check executable  % TODO reference Check executable
348  \item[LCAS VOMS]{Works like the userallow plug-in, except it verifies the FQANs present in a proxy certificate instead of the Subject DN. These were added to the certificate by a VOMS service. With this plug-in, more complex policies for authorization can also be expressed in the GACL \cite{gaclsite:home} language.}  \item[LCAS VOMS]{Works like the userallow plug-in, except it verifies the FQANs present in a proxy certificate instead of the Subject DN. These were added to the certificate by a VOMS service. With this plug-in, more complex policies for authorization can also be expressed in the GACL \cite{gaclsite:home} language.}
# Line 394  The plug-ins that LCMAPS executes must a Line 394  The plug-ins that LCMAPS executes must a
394    
395  \begin{description}  \begin{description}
396  %\item[Gridlist]{A plug-in that maps users to pool accounts using the gridmapfile \cite{gridmapfile}}  %\item[Gridlist]{A plug-in that maps users to pool accounts using the gridmapfile \cite{gridmapfile}}
397  \item[Local account]{Maps the supplied user credentials (i.e. a Subject DN or VOMS-signed FQANs) to a local user account on a target system \cite{localaccount}}  \item[Local account]{Maps the supplied user credentials (i.e. a Subject DN or VOMS-signed FQANs) to a local user account on a target system \cite{lcmaps_apido}}
398  \item[Pool account]{Maps the supplied user credentials (i.e. a Subject DN or VOMS-signed FQANs) to a pool account on a target system \cite{poolaccount}}  \item[Pool account]{Maps the supplied user credentials (i.e. a Subject DN or VOMS-signed FQANs) to a pool account on a target system \cite{lcmaps_apidoc}}
399  \item[POSIX enforcement]{A plug-in that applies acquired credential information to procure a Unix user account on a target system. Verifies that the account was successfully attained. \cite{posix_enf}}  \item[POSIX enforcement]{A plug-in that applies acquired credential information to procure a Unix user account on a target system. Verifies that the account was successfully attained. \cite{lcmaps_apidoc}}
400  \item[LDAP enforcement]{A plug-in that applies acquired credential information in a target LDAP database \cite{ldap_enf}}  \item[LDAP enforcement]{A plug-in that applies acquired credential information in a target LDAP database \cite{lcmaps_apidoc}}
401  \item[Verify proxy]{This plug-in can verify the validity and authenticity of the incoming Grid credentials, and enforce life time constraints on the proxy}  \item[Verify proxy]{This plug-in can verify the validity and authenticity of the incoming Grid credentials, and enforce life time constraints on the proxy \cite{lcmaps_apidoc}}
402  \end{description}  \end{description}
403    
404  \subsection{SCAS}  \subsection{SCAS}

Legend:
Removed from v.945  
changed lines
  Added in v.946

grid.support@nikhef.nl
ViewVC Help
Powered by ViewVC 1.1.28