Version 3 (modified by pjkersha, 11 years ago) (diff) |
---|
MashMyData Delegation with MyProxy
Example
This shows how:
- Obtain a user credential from a MyProxy server
- Upload it to another MyProxy server delegating permission for a given service to access it
- Service access a delegated credential
- User gets credential by calling a MyProxy service at their home site:
$ myproxy-logon -s my.idp.ac.uk -o creds.pem
- Upload to another MyProxy server so that CEDA's WPS can obtain a delegated credential from it:
$ myproxy-init myproxy-init -s myproxy-service.ceda.ac.uk -x -Z "/C=UK/O=CEDA/OU=MashMyData/CN=host/wps.ceda.ac.uk" -d -n
- The CEDA WPS, obtains a delegated credential so that it run a job on the user's behalf:
$ myproxy-logon -s myproxy-service.ceda.ac.uk -l "/O=MyIdP/CN=myusername" -n A credential has been received for user /O=MyIdP/CN=myusername in /tmp/x509up_u0.
Steps 1 and 2 could be performed by the Portal on behalf of the user.