MashMyData Delegation with MyProxy

Example

This shows how:

1. Obtain a user credential from a MyProxy server
2. Upload it to another MyProxy server delegating permission for a given service to access it
3. Service access a delegated credential

1. User gets credential by calling a MyProxy service at their home site:

   $ myproxy-logon -s my.idp.ac.uk -o creds.pem
   

2. Upload to another MyProxy server so that CEDA's WPS can obtain a delegated credential from it:

   $ myproxy-init myproxy-init -s myproxy-service.ceda.ac.uk -x -Z "/C=UK/O=CEDA/OU=MashMyData/CN=host/wps.ceda.ac.uk" -d -n
   

3. The CEDA WPS, obtains a delegated credential so that it run a job on the user's behalf:

   $ myproxy-logon -s myproxy-service.ceda.ac.uk -l "/O=MyIdP/CN=myusername" -n
   A credential has been received for user /O=MyIdP/CN=myusername in /tmp/x509up_u0.
   

Steps 1 and 2 could be performed by the Portal on behalf of the user.