Version 2 (modified by pjkersha, 11 years ago) (diff) |
---|
MyProxyWebService
MyProxyWebService is a Python WSGI application for exposing MyProxy operations through a simple HTTP interface. MyProxy is a service for managing PKI credentials and is part of the Globus Toolkit. The purpose of this application is to make it more straightforward to write client applications for MyProxy. For example, bash shell scripts included with the package require only openssl and curl, command line programs include with most Linux/UNIX distributions.
The two scripts are myproxy-ws-get-trustroots.sh and myproxy-ws-logon.sh.
Bootstrap trust in the MyProxy HTTP service:
$ myproxy-ws-get-trustroots.sh -b -U https://myproxy.somewhere.ac.uk/get-trustroots Bootstrapping MyProxy server root of trust. Trust roots have been installed in /home/pjk/.globus/certificates
Obtain a credential:
$ myproxy-ws-logon.sh -U https://myproxy.somewhere.ac.uk/logon -o creds.pem
myproxy-ws-get-trustroots.sh makes a HTTP GET call to the web service and receives a response containing the trusted root files for the MyProxy server i.e. the CA certificate(s) to verify the web service's SSL certificate. These are written to the standard location $HOME/.globus/certificates.
With the trust roots installed the client can now making a logon request authenticating the server with SSL. The logon script creates a private key locally and HTTP POSTs a certificate request to the web service. The service responds with a new signed certificate. Certificate and key are written to the output file creds.pem.
The web service is effectively a proxy to the MyProxy? service. It translates the HTTP requests from the client into a request to the MyProxy server using the standard MyProxy protocol. It does this using this Python MyProxyClient package.
Installation
The software will be available as a Python egg on PyPI soon (as of writing 8 June 2010).
Source Code
Available on the SubVersion repository on this site.
Philip Kershaw