Changes between Version 2 and Version 3 of MyProxyWebService


Timestamp: 08/06/10 11:57:24 (9 years ago)
Author: pjkersha
Comment: --

  • MyProxyWebService

    v2 v3  
    1515$ myproxy-ws-logon.sh -U https://myproxy.somewhere.ac.uk/logon -o creds.pem 
    1616}}} 
    17 `myproxy-ws-get-trustroots.sh` makes a HTTP GET call to the web service and receives a response containing the trusted root files for the !MyProxy server i.e. the CA certificate(s) to verify the web service's SSL certificate.  These are written to the standard location $HOME/.globus/certificates. 
     17`myproxy-ws-get-trustroots.sh` makes a HTTP `GET` call to the web service and receives a response containing the trusted root files for the !MyProxy server i.e. the CA certificate(s) to verify the web service's SSL certificate.  These are written to the standard location `$HOME/.globus/certificates`. 
    1818 
    19 With the trust roots installed the client can now making a logon request authenticating the server with SSL.  The logon script creates a private key locally and HTTP POSTs a certificate request to the web service.  The service responds with a new signed certificate.  Certificate and key are written to the output file `creds.pem`. 
     19With the trust roots installed the client can now making a logon request authenticating the server with SSL.  The logon script creates a private key locally and HTTP `POST`s a certificate request to the web service.  The service responds with a new signed certificate.  The certificate and key are written to the output file `creds.pem`. 
    2020 
    21 The web service is effectively a ''proxy'' to the MyProxy service.  It translates the HTTP requests from the client into a request to the !MyProxy server using the standard [http://grid.ncsa.illinois.edu/myproxy/protocol/ MyProxy protocol].  It does this using this [http://pypi.python.org/pypi/MyProxyClient Python MyProxyClient] package. 
     21The web service is effectively a ''proxy'' to the !MyProxy service.  It translates the HTTP requests from the client into a request to the !MyProxy server using the standard [http://grid.ncsa.illinois.edu/myproxy/protocol/ MyProxy protocol].  It does this using this [http://pypi.python.org/pypi/MyProxyClient Python MyProxyClient] package.  One drawback is that since there is an intermediary (the web service) between the !MyProxy server and the client, it is not possible for the client to authenticate with the !MyProxy server directly with SSL.  As such, only operations like logon are suited to this approach.  To make a complete implementation of the !MyProxy operations, the HTTP interface would need to be integrated directly into the !MyProxy server. 
    2222 
    2323== Installation == 
    2424The software will be available as a Python egg on PyPI soon (as of writing 8 June 2010). 
     25 
     26== Deployment == 
     27The WSGI code has a Paste Deploy interface enabling convenient configuration via an ini file. e.g. 
     28 
     29{{{ 
     30[server:main] 
     31use = egg:Paste#http 
     32host = 0.0.0.0 
     33port = 5000 
     34 
     35[app:main] 
     36paste.app_factory = myproxy.server.wsgi.app:MyProxyApp.app_factory 
     37prefix = myproxy. 
     38 
     39# HTTP Basic Auth authentication realm used with MyProxy logon requests. 
     40myproxy.httpbasicauth.realm = myproxy-realm 
     41 
     42# The key name in the WSGI environ dictionary which holds the MyProxy logon 
     43# function.  This is used by the HTTP Basic Auth middleware 
     44myproxy.logon.logonFuncEnvKeyName = MYPROXY_LOGON_FUNC 
     45 
     46# Path for logon requests 
     47# 
     48# The URI path or paths that will be matched to a logobn request.  Regular 
     49# expression may be entered but typically only a single path would be expected 
     50# for the logon request.  The format of this option is inherited from the more 
     51# generic HTTP Basic Auth middleware which the MyProxyApp uses. 
     52myproxy.logon.rePathMatchList = /logon 
     53 
     54# Path for get trust roots call.  This should be a single path.  Regular  
     55# expressions are not supported. 
     56myproxy.getTrustRoots.path = /get-trustroots 
     57 
     58# MyProxy server which this MyProxy WSGI app is a client to.  Set here to the  
     59# fully qualified domain name or else set the MYPROXY_SERVER environment 
     60# variable.  See the documentation for the MyProxyClient egg for details 
     61#myproxy.client.hostname = myproxy.somewhere.ac.uk 
     62myproxy.client.caCertDir = /etc/grid-security/certificates 
     63}}} 
     64As a WSGI application, it integrates easily with Apache via `mod_wsgi`.  Test code is provided with package which uses Paste's `paster` web server. 
    2565 
    2666== Source Code ==
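
Review bot: In the added Deployment section, the sample `[server:main]` block binds Paste's HTTP server to `host = 0.0.0.0` with no SSL setting, although `/logon` is protected by HTTP Basic Auth and the paragraph above says the client authenticates the server with SSL. A reader who copies the ini as shown would accept Basic Auth credentials over plain HTTP on every interface. Suggest binding the example to 127.0.0.1 and labelling it as a `paster` test configuration, or adding a sentence that a real deployment must have SSL terminated in front of the app (for instance the Apache `mod_wsgi` setup mentioned after the block). It would also help to say what happens when `myproxy.client.hostname` is left commented out and `MYPROXY_SERVER` is unset. Minor: "logobn" in the `rePathMatchList` comment should be "logon", the revised logon paragraph still reads "can now making a logon request", and "provided with package" is missing "the".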