Information Technology Reference
In-Depth Information
for entering the credentials, storing the provided credentials, and usage of the
provided credentials.
6.5.1.1 User Interface for Providing Credentials
After the user is logged into the e-Science gateway, and before he has started any
experiment relying on credentials, there should be user interfaces for providing any
necessary credentials to run the experiments. These interfaces can be included in the
experiment
s interface, or can be placed into a dedicated, security-related place on
the gateway
'
s user interface.
WS-PGRADE/gUSE follows the latter approach: all the portlets related to set-
ting necessary credentials for the different distributed computing infrastructures are
grouped in the
'
tab. This tab contains subpages with portlets for setting
the credentials to be used. The organization of this
Security
Security
tab is shown in
Fig. 6.1 .
As can be seen, WS-PGRADE/gUSE currently offers four different credential
management portlets:
￿
Certi
cate: for managing X.509 proxy certi
cates,
Public key: for displaying public keys for public-key-based SSH authentication,
￿
Assertion: for managing SAML [SAML] assertions, and
￿
CloudBroker: for de
ning e-mail and password for cloud-directed jobs.
￿
All of these portlets implement a user interface for de
ning the necessary cre-
dentials depending on the credential
'
s properties.
cate management
tool based on the MyProxy Credential Management Service [MyProxy]. Through
the interface provided by the portlet, the users can: upload their X.509 certi
The
Certi
cate
portlet offers a complete X.509 proxy certi
cates to
a MyProxy server, download X.509 proxy certi
cates from a MyProxy server and
assign them to resources relying on X.509 proxy authentication, and can manage
X.509 proxy certi
cates stored on MyProxy servers. This latter interface is shown
in Fig. 6.2 . Although the portlet can be used to upload proxies to MyProxy servers,
this is achieved by transferring the user
'
is certi
cate and key to the portal server
from the user
s machine. In order to overcome this security risk, one may use other
tools that run on the user
'
'
s machine and are capable of uploading proxies to
Fig. 6.1 Security tab in WS-PGRADE/gUSE
Search WWH ::




Custom Search