On Thu, 19 Feb 2004, Ian Stokes-Rees wrote:
> How does job output retrieval work if the proxy used to submit a job has
> expired? Does GSI provide a mechanism to identify that the proxy used for
> a "fetch output" command has the same lineage as the expired proxy used to
> submit the job, and therefore allows the operation?
A proxy is a way to verify that a process is entitled to use a particular
DN, so any proxy (or indeed any certificate) with the same DN will be
equivalent.
> Also, I'm still looking for information regarding the RB security
> architecture. I haven't been able to find this in any of the RB
> documention/papers/reports.
Probably best to ask someone in WP1 directly. I believe the WP1 security
person is Daniel Kouril, [log in to unmask] As far as I remember the
RB now has a customised version of the gridftp server to prevent
any user being able to read any proxy, which was possible in release 1.x.
Stephen
|