posted 3 Feb 2011, 02:47 by Unknown user
updated 3 Feb 2011, 02:48 by Matthias Hofmann
The Globus team is planning the next major release of features provided by CoG JGlobus and CoG JGlobus-FX libraries. The first update will cover the GSI features, and will be followed up with support for GridFTP and GRAM clients. NCSA plans to upgrade the MyProxy clients also. The primary goals of the release are
- upgrade third-party libraries
- port to standard security Java APIs
- improve package and distribution model
- deprecation of unused code
The following changes are being planned for the GSI features, which will remain protocol complaint with CoG JGlobus 1.8, but not API compliant. All existing features are expected to be supported, with the following changes:
- Upgrade to use standard Java SSL library, and replace PureTLS and supporting libraries. This will not only deprecate the use of unsupported PureTLS, but also provide access to better security algorithms, such has SHA2.
- Use Java Security Provider framework and standard API, thus facilitating use of any standard provider implementations for processing certificates and CRLs, path validation and trust managers.
- Support for legacy and draft proxy certificates will be dropped, and only RFC 3820 Proxy Certificate will be supported.
The following packages are planned, such that the distribution will not be a single jar:
- jGlobus GSI 2.0
- GSI Core - API for creation of proxy credentials, and utility API to deal with proxy credentials/certificate chains, as needed.
- GSI TrustManager - Trust Manager for Java SSL with support for RFC 3820 Proxy Certificate and Signing Policy and authorization.
- GSS-GSI - GSS API wrapper for standard SSL and GSI SSL (SSL with delegation), with support for RFC 3820 Proxy Certificates and Signing Policy.
- GSI CL - Client tools for certificate and proxy credential handling
- jGlobus Connectors 2.0
- SSL Proxy Connectors - Tomcat and JBoss connectors to enable SSL with Proxy certificates
- GSI SSL Connectors - Tomcat and JBoss connectors to enable GSI SSL
Feedback is welcomed via email to our contact address.