wiki:MyProxyWebService

Version 2 (modified by pjkersha, 9 years ago) (diff)

--

MyProxyWebService

MyProxyWebService is a Python WSGI application for exposing MyProxy operations through a simple HTTP interface.  MyProxy is a service for managing PKI credentials and is part of the Globus Toolkit. The purpose of this application is to make it more straightforward to write client applications for MyProxy. For example, bash shell scripts included with the package require only openssl and curl, command line programs include with most Linux/UNIX distributions.

The two scripts are myproxy-ws-get-trustroots.sh and myproxy-ws-logon.sh.

Bootstrap trust in the MyProxy HTTP service:

$ myproxy-ws-get-trustroots.sh -b -U https://myproxy.somewhere.ac.uk/get-trustroots
Bootstrapping MyProxy server root of trust.
Trust roots have been installed in /home/pjk/.globus/certificates

Obtain a credential:

$ myproxy-ws-logon.sh -U https://myproxy.somewhere.ac.uk/logon -o creds.pem

myproxy-ws-get-trustroots.sh makes a HTTP GET call to the web service and receives a response containing the trusted root files for the MyProxy server i.e. the CA certificate(s) to verify the web service's SSL certificate. These are written to the standard location $HOME/.globus/certificates.

With the trust roots installed the client can now making a logon request authenticating the server with SSL. The logon script creates a private key locally and HTTP POSTs a certificate request to the web service. The service responds with a new signed certificate. Certificate and key are written to the output file creds.pem.

The web service is effectively a proxy to the MyProxy? service. It translates the HTTP requests from the client into a request to the MyProxy server using the standard  MyProxy protocol. It does this using this  Python MyProxyClient package.

Installation

The software will be available as a Python egg on PyPI soon (as of writing 8 June 2010).

Source Code

Available on the  SubVersion repository on this site.


Philip Kershaw