Version 15 (modified by pjkersha, 5 years ago) (diff)


Security / ndg_security


These pages give the details of the Python code base for NDG Security. It uses the ndg_saml, ndg_xacml and MyProxyClient packages. For an overview of NDG Security see wiki:.

NDG Security uses a modular server side architecture based on the Python WSGI. WSGI filters front applications to be protected enforcing access control. Attribute and Authorisation web services, OpenID applications are all built around the WSGI specification. Using PasteDeploy, it is possible to make a flexibile configuration at deployment by arranging the filters and applications by following a simple ini file syntax.


The code base has been tested on a variety of Linux distributions including Ubuntu and SUSE. Python 2.6 is required for the ndg_security version 2.0.0. The 1.5.x branch works with Python 2.5. For server deployment, Apache2 with mod_wsgi are the recommended containers for running applications and filters. Links to installation and configuration details are given below.


Code is maintained in a SubVersion Repository Access the trunk. For the latest stable release, refer to the Releases section below.


Code is released as Python eggs and uploaded to the NERC DataGrid Python distributions repository at Releases once created are copied into the tags SVN directory. Branches are maintained where an earlier release has forked from the main development trunk e.g. the here 1.5.x branch


Adds integration with XACML 2.0 implementation ndg_xacml, and SAML authorisation service interface.

1.5.x Branch

Maintained for some existing deployments. Uses custom authorisation interface.

See here for SubVersion development branch. See here for release snapshots.


Code can be installed from the NDG distributions repository. To install the eggs e.g.

$ easy_install -f ndg_security

To pick up unit and integration tests:

$ easy_install -f ndg_security_test

tar.gz based distributions will be added soon for  PIP support.

A full set of configuration instructions will follow soon (as of writing 07/01/11).


For server side components, the recommended configuration is with mod_wsgi with Apache2:

Apache2 and mod_wsgi configuration

See wiki:ndg_security/Apache2?.