SRMSEC: migration from GSI to TLS/SSL

Currently, SRM software uses the proprietary GSI security protocol. This was developed by the Globus Alliance and was based on the existing SSL standard. Support for this protocol is available only from Globus. With the standardisation of proxy certificates, SSL libraries began to support delegated proxy. This meant that many of the operations provided by SRM (those that do not require delegation) may be made available using SSL rather than GSI, and using standard libraries. Remaining open is how to handle those operations that require the server to have a delegated certificate.

This activity is to migrate deployed storage element software from using SRM that supports only GSI to software that supports clients using the SSL/TLS protocol. As described in the Description of Work, there are a number of steps to achieve this:

  1. Describe how SRM over SSL should work,
  2. Creating one prototype SE and one client,
  3. All EMI Storage Elements plus EMI clients adopt plan,
  4. Design a migration strategy,
  5. Enact the strategy.

Related activity

There is activity in EMI JRA1.x (security) about migration from GSI to SSL.

Design documents

There is:


There was a face-to-face in EGI Technical Forum, Amsterdam (2010-09-16).

Phone meetings:

-- PaulMillar - 04-Oct-2010

Edit | Attach | Watch | Print version | History: r5 < r4 < r3 < r2 < r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r5 - 2011-01-14 - PaulMillar
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    EMI All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2023 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback