[Gt-eos] myproxy w/o globus
Mischa Salle
msalle at nikhef.nl
Mon Oct 30 18:05:08 CET 2017
Hi Jim and Venkat,
On Fri, Oct 27, 2017 at 04:37:32PM +0000, Jim Basney wrote:
> Hi all,
>
> Venkat and I have been exploring what it would take to make a MyProxy
> release without Globus dependencies. Our current work in progress is
> at https://github.com/ncsa/myproxy. We welcome your input and help!
that's good news!
Is there specific things you need help with or input for?
Personally, I think it's always good to remove dependencies on external
libraries, especially if the maintainence of those is not fully clear.
The disadvantage is code duplication (and corresponding risks).
I would say whether de-globus-ification is a worthwhile effort or not
depends on whether we can get the gridcf release off the ground...
> Some notes about current status:
> * only the myproxy-server and myproxy-logon/myproxy-get-delegaton build targets work.
> * Only CA function is working. No proxy repository function yet.
> * Server hard-coded to use /etc/grid-security/myproxy/host*.pem
> * myproxy-logon writes to /tmp/x509up_u$UID (ignoring X509_USER_PROXY)
> * myproxy-logon does STRICT_RFC2818 server certificate name checking
> * other disabled functionality: accepted_credentials_mapfile, certificate_mapfile, OCSP, VOMS
> * probably other things are broken...
>
> I think the next big task would be to re-implement the proxy
> repository functionality using OpenSSL proxy cert APIs rather than
> Globus APIs.
I would say that looking at current grid deployment, the proxy
repository functionality with corresponding myproxy-init (and perhaps
store) would probably be even more important than the CA functionality.
It's probably also a lot more tricky. Are you planning to take over code
from GT or VOMS or cANL for doing this?
Just for reference: For RCauth itself (i.e. the CA) we use the
certificate_issuer_program. For our MasterPortals, we use the
myproxy-server in proxy repository mode, including the VOMS
functionality.
Best wishes,
Mischa
> Interested in what you all think. Is this a worthwhile effort to continue?
>
> Regards,
> Jim (and Venkat)
>
>
> _______________________________________________
> Gt-eos mailing list
> Gt-eos at mailman.egi.eu
> http://mailman.egi.eu/mailman/listinfo/gt-eos
--
Nikhef Room H155
Science Park 105 Tel. +31-20-592 5102
1098 XG Amsterdam Fax +31-20-592 5155
The Netherlands Email msalle at nikhef.nl
__ .. ... _._. .... ._ ... ._ ._.. ._.. .._..
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3402 bytes
Desc: not available
URL: <http://mailman.egi.eu/pipermail/discuss/attachments/20171030/706c1c88/attachment.p7s>
More information about the discuss
mailing list