The Gridification subtask of WP4 of the
European Datagrid project
interfaces the local fabric to other middleware components by a
number of services, among which the Local Centre Authorization Service (LCAS) handles authorization
requests to the local computing fabric and the Local Credential Mapping Service (LCMAPS) provides
all local credentials needed for jobs allowed into the fabric.
This document describes a prototype version of the LCAS, which is the first component released by
the Gridification subtask.
In this release the LCAS is a shared library, which is loaded dynamically by the Globus gatekeeper.
The gatekeeper has been slightly modified for this purpose and will from now on be referred to as
edg-gatekeeper.
In the future the LCAS will evolve into an AAA server and can be contacted by other components,
e.g. by the Storage Element.
The authorization decision of the LCAS is based upon the user's certificate and the job
specification in RSL (JDL) format.
The certificate[1] and RSL are passed to (plug-in) authorization modules, which grant or deny
access to the fabric.
Three standard authorization modules are provided by default:
- A module that checks if the user is allowed on the fabric (currently the gridmap file is
checked).
- A module that checks if the user should be banned from the fabric.
- A module that checks if the fabric is open at this time of the day for datagrid jobs.
All three modules get their information from simple configuration files:
allowed_users.db[2], ban_users.db and timeslots.db, respectively.
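
A minimal Python model of the decision chain formed by the three standard modules, added here as an illustration; it is not LCAS code. The function names, the sample DNs and RSL string, the in-memory lists standing in for the configuration files, and the policy that every module must grant and that a module error denies the request are all assumptions.

```python
from datetime import time

# Constructed sample data; the real file formats are not given on this page.
ALLOWED = {"/O=ExampleGrid/CN=Alice", "/O=ExampleGrid/CN=Mallory"}
BANNED = {"/O=ExampleGrid/CN=Mallory"}
OPEN_SLOTS = [(time(8, 0), time(18, 0))]  # fabric open 08:00-18:00

def allowed_users(dn, rsl, now):
    return dn in ALLOWED

def ban_users(dn, rsl, now):
    return dn not in BANNED

def timeslots(dn, rsl, now):
    return any(start <= now < end for start, end in OPEN_SLOTS)

def unreadable_config(dn, rsl, now):
    # Hypothetical module whose configuration file cannot be read.
    raise OSError("cannot read configuration")

STANDARD_MODULES = [allowed_users, ban_users, timeslots]

def authorize(dn, rsl, now, modules=STANDARD_MODULES):
    """Return (granted, reason); assumed policy: all modules must grant."""
    if not modules:
        return False, "no authorization modules loaded"
    for module in modules:
        try:
            granted = module(dn, rsl, now)
        except Exception as exc:
            # Fail closed: a module that cannot decide denies the request.
            return False, f"{module.__name__}: error: {exc}"
        if granted is not True:
            return False, f"{module.__name__}: denied"
    return True, "granted"

if __name__ == "__main__":
    rsl = "&(executable=/bin/hostname)"  # constructed RSL job specification
    for dn, now in [("/O=ExampleGrid/CN=Alice", time(10, 0)),
                    ("/O=ExampleGrid/CN=Mallory", time(10, 0)),
                    ("/O=ExampleGrid/CN=Alice", time(22, 0))]:
        print(dn, now, authorize(dn, rsl, now))
```

Mallory appears in both lists to show that, under the assumed policy, a ban overrides an entry in the allowed list.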
In the next releases hooks will be provided for external authorization plug-in modules.
These plug-ins are to be provided by the other subsystems like for example the Resource Management
subsystem in order to do accounting and quota checks (for users/roles) or the Storage Element (WP5)
in order to check file access or to make storage reservations.
More information on the LCAS and other components of the Gridification subsystem can be found in the
WP4 architecture document D4.2 (pdf version or doc version).
Footnotes
[1] In this release the gatekeeper passes the user's DN to the LCAS instead of the user's
certificate.
[2] In this release (1.0.3) the gridmap file is used instead of allowed_users.db.
Martijn Steenbakkers, Friday May 17 2002