RE: [geclipse-dev] New method:IVirtualOrganization.getDefaultTokenDescri

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

RE: [geclipse-dev] New method:IVirtualOrganization.getDefaultTokenDescription()

From: "Harald Kornmayer" <harald.kornmayer@xxxxxxxxxxxx>
Date: Tue, 4 Mar 2008 13:11:17 +0100
Delivered-to: geclipse-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/geclipse-dev>
List-help: <mailto:geclipse-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/geclipse-dev>, <mailto:geclipse-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/listinfo/geclipse-dev>, <mailto:geclipse-dev-request@eclipse.org?subject=unsubscribe>
Thread-index: Ach96pekUGSPowb0RIy2iW0Gb0LbSAABYQ0w

Hi all 

>Now when user start g-Eclipse with VOMS VO, and expand GridFTP 
>connection, we ask him for Globus Proxy. Then when user submit job we 
>ask him again for proxy, but this time for VOMS Proxy.
>Additionally if user belongs to many VO, and uses Globus Proxy during 
>GridFTP operation, it's very probably that he get "access denied", i
>because GridFTP server always maps this user to first VO in 
>configuration file (VOMS proxy works fine in this case).
>
>To avoid above problems, we could ask in GridFTP plugin for VOMS Proxy 
>instead of Globus Proxy. But in this case we would add dependency 
>GridFTP -> VOMS, what we want to avoid.

Good point! I agree that we should make life easier for the user here.
Perhaps we could ask the user which kind of proxy he wants for GridFTP
connnections. Now, the framework is very strict on GridProxy for GridFTP,
but VOMS proxy would work too. 
So let the user decide, and I would recommend the user to create VOMS proxy
if available. Perhaps that make things not as straightforward as proposed by
Mariusz. 

Let discuss this in the video conference!

>As another solution I'd like to add to interface IVirtualOrganization 
>following method:
>IAuthenticationTokenDescription getDefaultTokenDescription();
>
>For VO implementations this mehod will return:
>GenericVirtualOrganization - null
>VomsVirtualOrganization - VomsProxyDescription
>GriaVirtualOrganization - GriaKeyStoreDescription
>
>Then GridFTP can use this method in following way:
>
>IAuthenticationTokenDescription description = 
>vo.getDefaultTokenDescription();
>if( !description instanceof GlobusProxyDescription ) {
>	description = new GlobusProxyDescription();
>}
>AbstractAuthTokenProvider.staticRequestToken( description );
>
>In this solution during GridFTP operation we will ask user to create 
>VOMS Proxy for VOMS project, and Globus Proxy for Generic VO.
>
>
>Does anybody have objection to add method 
>IVirtualOrganization.getDefaultTokenDescription() to our  model?
>
>
>Regards,
>-- 
>Mariusz Wojtysiak
>_______________________________________________
>geclipse-dev mailing list
>geclipse-dev@xxxxxxxxxxx
>https://dev.eclipse.org/mailman/listinfo/geclipse-dev

Follow-Ups:
- Re: [geclipse-dev] New method:IVirtualOrganization.getDefaultTokenDescription()
  - From: Thomas Köckerbauer

References:
- [geclipse-dev] New method: IVirtualOrganization.getDefaultTokenDescription()
  - From: Mariusz Wojtysiak

Prev by Date: AW: [geclipse-dev] New method:IVirtualOrganization.getDefaultTokenDescription()
Next by Date: Re: [geclipse-dev] New method:IVirtualOrganization.getDefaultTokenDescription()
Previous by thread: AW: [geclipse-dev] New method:IVirtualOrganization.getDefaultTokenDescription()
Next by thread: Re: [geclipse-dev] New method:IVirtualOrganization.getDefaultTokenDescription()
Index(es):
- Date
- Thread

Breadcrumbs