Common Authentication Library
This page is devoted to the common authentication library (caNl), which is one of the main efforts of the EMI Security Area. It covers the work performed by the caNl task force.
For the caNl Product Team, see this page: Canl Product Team
Key facts about the library:
- caNl is a broad term and is used to describe possibly more than one library.
- Authentication and related functions are the primary aim of those libraries. However, other libraries not related to authN are likely to emerge from this task force, especially a common authZ library (future work).
- We agreed that first of all we create a common TLS authentication library. It will be designed with care to abstract any constructs (such as Principal or Credential) reusable for other implementations (see the next point).
- If there is a need in future for a different authentication mechanism used by >1 EMI component, this library may be created under the Common Authentication Library task force auspices. However, we should keep in mind that the STS service can provide very similar features with lower effort and in a simple way, so it should be used/extended whenever possible.
- The TLS caNl will be in fact a set of 3 libraries: C, C++ and Java.
- The initial discussions and API planning were performed by the caNl task force. Afterwards a caNl PT was created to implement and maintain the three library versions.
Programming language bindings and affected components
The TLS library APIs were prepared by the task force for the three languages: C, C++ and Java. The following pages provide information about those APIs and track any significant changes which were applied during the implementation phase:
- Java: HERE.
- C: HERE.
- C++: the API, initially following the one for C, is HERE.
The task force also established a list of components whose code might be reused during implementation of the API and a list of components which should in future be refactored to use the caNl. The list is HERE.
Work performed by the caNl task force
Namespaces and signing policy formats:
- EUGridPMA (both namespaces & signing policy syntax): http://www.eugridpma.org/documentation/
- Globus signing policies: http://dev.globus.org/wiki/Signing_Policy
Common error messages list: HERE
Supported certificate extensions: TBD
The following page contains some more archived details about the previous work of the task force: task force work page
-- KrzysztofBenedyczak - 07-Jul-2010
Topic revision: r11 - 2012-10-25