GridSite and GHTTPS update

1
GridSite and G-HTTPS update

• Andrew McNab, University of Manchester
• mcnab_at_hep.man.ac.uk

2
GridSite 0.3/fileGridSite gt GridSite 0.9

• GridSite manages access to websites and HTTP(S)
  fileservers
• Users and admins load GSI cert key into
  unmodified web browsers
• GridSite used by EDG Testbed website, GridPP and
  e-Science ETF Level 2 Grid support websites in
  the UK.
• ACLs control read and write access to files and
  directories
• Write access either by HTML forms (interactive)
  or HTTP PUT / DELETE (programmatic)
• GridSite 0.9 merges interactive GridSite 0.3
  functionality with programmatic functionality of
  fileGridSite.
• Basic access control, page formatting and
  PUT/DELETE now done by Apache module
  mod_gridsite.
• Standalone grst-admin.cgi and grst-proxy.cgi
  provide site admin and G-HTTPS (delegation
  and 3rd party transfer) support.
• Can host websites, fileserving and Grid/Web
  Services on same server.

3
GridSite 0.9 architecture
(Red As of 17/Feb/03, not yet implemented.)
grst-admin.cgi page editing, file upload, ACL
editing etc.
grst-proxy.cgi G-HTTPS, 3rd party COPY, proxy
GET PUT
mod_gridsite .html headers and footers
.shtml, mod_perl CGI, PHP
mod_jk JSP with Tomcat
mod_gridsite PUT, DELETE, MOVE
mod_gridsite GACL access control GACL gt env
vars
mod_ssl plain HTTPS gt env vars
HTTP
mod_ssl-GSI HTTPS with GSIVOMSCAS gt env vars
4
G-HTTPS

• grst-proxy.cgi now has example G-HTTPS
  implementation
• (previously in fileGridSite)
• GET-PROXY-REQ and PUT-PROXY-CERT for delegation
• COPY between remote HTTPS host and webserver
  using delegated proxy
• grst-proxy-put command line tool
• real work for the above done by functions in
  libgridsite, built directly on OpenSSL C/C API
  to appear.
• G-HTTPS spec exists in draft form
• see post to wp7-security list
• Negotiated a 15 minutes slot about HTTPS
  extensions in GGF Data Transport RG meeting gt
  some kind of document more people.