Release notes for Package edg-lcas ---------------------------------- This is the first prototype of the Local Centre Authorization Service (LCAS), which is be part of the European Datagrid software of WP4. The goal of the LCAS is to take care of the authorization to the local fabric. In order to make an authorization decision the LCAS requires the users's certificate and the job specification in RSL(JDL) format. The certificate and RSL are passed to (plugin) authorization modules, which grant or deny the permission to the job request. Three standard authorization modules are provided with the LCAS: 1) a module that checks if the user is allowed on the fabric (currently the gridmap file is checked) 2) a module that checks if the user should be banned from the fabric 3) a module that checks if there is a timeslot available for the fabric. All three modules get their information from simple configuration files: "allowed_users.db", "ban_users.db" and "timeslots.db" respectively. NOTE: In this release the gridmapfile is used instead of "allowed_users.db". In addition a plugin is provided that decides if the user is authorized based on the VOMS (VO Membership Service) information stored in the user proxy X509 certificate: This plugin is driven by a policy file, which can have 3 different formats: plain text, gacl and xacml. The LCAS provides hooks to additional plugin authorization modules, which will be provided by other fabric subsystems like e.g. the resource management subsystem. In this release the LCAS is a dynamic library, which is contacted by the (for this purpose modified) globus gatekeeper: edg-gatekeeper. History ------- 2003-09-23: New version of voms2gacl: no complaints if VOMS DNs are omitted. version 1.1.16 2003-09-17: Did the same for the gridmapfile version 1.1.15 2003-09-16: Added the possibility to accept 'normal' user proxies in the GACL file for the VOMS plugin version 1.1.14 2003-09-11: Added the right gacl dependencies --> version 1.1.13 Had to increase the api patch version, because wrong install dir --> version 1.0.3 2003-09-10: Use the right Prefix in specfile --> version 1.1.12 2003-09-10: Updated version of voms2gacl 2003-08-28: Removed header again (lcas_vo_data.h now internal to voms plugin): LCAS-1.1.11, interface-1.0.2 2003-08-27: Upgrade of LCAS framework --> version 1.1.10, VOMS plugin added, added header file, interface --> 1.0.1 2003-05-28: LCAS interface(s) packaged separately, --> LCAS-1.1.9, LCAS-interface-1.0.0 2003-04-03: removed "Requires" tags in rpm spec file, added clean_plugin_list() --> LCAS-1.1.8 2003-02-17: New globus version --> LCAS-1.1.7 2002-08-22: latex documentation created in nonstop-mode/batch mode --> LCAS-1.1.6 2002-07-29: lcas_plugin_example.mod included in rpm --> LCAS-1.1.5 2002-07-17: fixed close(logfp) bug --> LCAS-1.1.4 2002-07-11: Updated documentation --> LCAS-1.1.3 2002-07-09: Added apidoc documentation 2002-07-01: fixed minor bugs --> LCAS-1.1.2 2002-06-17: Moved to LCAS-1.1.0 2002-06-11: Added some debugging and very simple test-program --> 1.0.4 2002-05-16: 1.0.2 2002-05-17: modified lcas call --> 1.0.3 2002-03-27: First release 1.0.0 Where to get this package ------------------------- This package is available from http://datagrid.in2p3.fr/ License: -------- See LICENSE file Software Requirements --------------------- - the gssapi library as provided by globus (flavour gcc32dbg): globus_gssapi_gsi-gcc32dbg - the patched globus gatekeeper: edg-gatekeeper (version 2.1.0 or higher) - For RPM building, needs rpm version 3 or above (see http://www.rpm.org). - GNUmake or a GNU compatible 'make'. Some proprietary make command doesn't recognize the ':=' operator. - To build documentation: doxygen and latex2html Documentation ------------- - See http://www.dutchgrid.nl/DataGrid/wp4/lcas. Building/Installing edg-lcas ------------------------------- See file INSTALL Known bugs and workarounds: --------------------------- Planned evolution ----------------- - Standalone LCAS (daemon), which is contacted by the gatekeeper. - The LCAS will provide the user with a certificate signed by the LCAS. Contact ------- Martijn Steenbakkers , +31 (0) 20 592 5012 $Id: README,v 2.21 2003/09/23 09:09:36 martijn Exp $