Hi Kakoli, I saw your earlier post in gt-user on this subject and I started to reply but then decided not to. I'm not a CAS expert but I will try to answer some of your questions below. The others I'm afraid I'll have to leave for someone who knows more about CAS.
On Feb 12, 2008 1:14 AM, Kakoli Sen <[EMAIL PROTECTED]> wrote: > > I am part of the development team working on GARUDA, the Indian grid. > Currently, we are thinking of using CAS for role-based authorisation in VO. > The admin > guide recommended PostgreSQL. What is the version of PostgreSQL? Globus > version used is 4.0.4. I don't know. > Also, I have 2 more queries: > ## In the documentation, I came across that the GridFTP server is > CAS-enabled. Yes, but I think it's broken. Last I heard there were some important bugs involving CAS and GridFTP that remain unresolved. I could be wrong about that. Maybe someone else knows more. > What about the job execution service WS-GRAM? Is that CAS-enabled? I don't know. > If not, then can job > submission be done in Globus 4.0.4 with CAS credentials? Well, you can use GridShib credentials with GRAM. GridShib credentials are similar to CAS credentials since both rely on X.509-bound SAML tokens. Whereas CAS binds an AuthorizationDecisionStatement to a proxy certificate, GridShib binds AuthenticationStatement and AttributeStatement. In that sense, CAS and GridShib are complementary. > ## Can CAS work with CAS-unaware grid services? In that case, CAS > credentials would be > ignored, but the service call would not fail. That is correct. The CAS SAML token (as well as the GridShib SAML token) are bound to a non-critical X.509 extension, which a relying party simply ignores. Hope this helps, if only a little. Tom
