wiki:MashMyData/MyProxy

Version 3 (modified by pjkersha, 9 years ago) (diff)

--

MashMyData Delegation with MyProxy

Example

This shows how:

  1. Obtain a user credential from a MyProxy server
  2. Upload it to another MyProxy server delegating permission for a given service to access it
  3. Service access a delegated credential
  1. User gets credential by calling a MyProxy service at their home site:
    $ myproxy-logon -s my.idp.ac.uk -o creds.pem
    
  2. Upload to another MyProxy server so that CEDA's WPS can obtain a delegated credential from it:
    $ myproxy-init myproxy-init -s myproxy-service.ceda.ac.uk -x -Z "/C=UK/O=CEDA/OU=MashMyData/CN=host/wps.ceda.ac.uk" -d -n
    
  3. The CEDA WPS, obtains a delegated credential so that it run a job on the user's behalf:
    $ myproxy-logon -s myproxy-service.ceda.ac.uk -l "/O=MyIdP/CN=myusername" -n
    A credential has been received for user /O=MyIdP/CN=myusername in /tmp/x509up_u0.
    

Steps 1 and 2 could be performed by the Portal on behalf of the user.