Hi Andrea,

Yes, as shipped today, the delegated credential needs to be on the same hosting environment as the service trying to access it. There are no immediate plans for GT to have a delegation service that allows access to credentials from a remote container. But I am aware of some efforts in the community for building such a system - I will ping them to see if they are willing to share plans and progress. Meanwhile, if you are interested in working on such a solution, we will be more than happy to work with you on that.

The delegation service component is tracked in [EMAIL PROTECTED] and [EMAIL PROTECTED]

Thanks!
Rachana

_____

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrea Turli
Sent: Monday, January 14, 2008 10:13 AM
To: [email protected]
Subject: [gt-user] Fwd: Information about Delegation Service

Hi all,

I'm studying the documentation of the Delegation Service on GT4.0 but some points are not really clear to me. In particular I want to use this mechanism in an infrastructure based on GT 4.0 that also supports dynamic deployment of services. For this reason, typically I need to delegate credentials to a service deployed without human interaction.

According to the architecture described at Architecture and design overview I have understood that

"Services that are interested in the delegated credential can register a listener (an object that implements org.globus.delegation.DelegationRefreshListener) with the specific delegated credential resource. There currently is no remote interface for this, hence only services that are in the same hosting environment can register interest. The credentials are pushed to the listener anytime a refresh is done."

At the moment - correct me if I'm wrong - if we want to use the Delegation Service we need to invoke the Delegation Factory Service on the same node where the service has been deployed (of course this has to be done after the dynamic deployment has taken place). This way, delegated credentials must be created on that given node and therefore are accessible only by the local services. This approach doesn't leverage the actual benefits of a dynamic environment.

We would prefer to create a delegated credential (no matter the node it is stored on) before the service is deployed, then register the service to the delegated credentials through the EPR by means of the remote interface scenario.

Is the implementation of a remote interface to register interest for delegated credentials hosted on a remote node planned for the future? If yes, when do you expect to release this feature? Otherwise, would it be interesting for you if we collaborated to implement this functionality?

Thank you in advance for your support,
Andrea
