Version 3 (modified by pjkersha, 11 years ago) (diff)


MashMyData Delegation with MyProxy


This shows how:

  1. Obtain a user credential from a MyProxy server
  2. Upload it to another MyProxy server delegating permission for a given service to access it
  3. Service access a delegated credential
  1. User gets credential by calling a MyProxy service at their home site:
    $ myproxy-logon -s -o creds.pem
  2. Upload to another MyProxy server so that CEDA's WPS can obtain a delegated credential from it:
    $ myproxy-init myproxy-init -s -x -Z "/C=UK/O=CEDA/OU=MashMyData/CN=host/" -d -n
  3. The CEDA WPS, obtains a delegated credential so that it run a job on the user's behalf:
    $ myproxy-logon -s -l "/O=MyIdP/CN=myusername" -n
    A credential has been received for user /O=MyIdP/CN=myusername in /tmp/x509up_u0.

Steps 1 and 2 could be performed by the Portal on behalf of the user.