On Tue, Feb 3, 2009 at 10:28 PM, Kakoli Sen <kako...@cdacb.ernet.in> wrote: > > When you say that Globus Toolkit can consume SAML1.x assertions, does > it > also mean that the Globus-VOMS interceptors can extract and work with SAML > assertions?
No, for that you need GridShib: http://gridshib.globus.org/ Note that a "security table" is on the Globus roadmap: http://dev.globus.org/wiki/GridShib_Security_Table Despite the title, this work is on the Java WS Core roadmap (I believe). The Globus Security Table serves as an abstraction for all user attributes, whether they come from VOMS attribute certificates, SAML assertions, or whatever. Beyond that, nothing much has been discussed (as far as I know) but I suspect that the Globus XACML PDP will come into play: http://www.globus.org/toolkit/docs/4.2/4.2.1/security/wsaajava/pdp/wsaajava-pdp-XACMLAuthzCallout.html Sorry for all the handwaving but that's what it looks like down the road (to me, anyway). Yes, there's a lot of work to do, but Globus is an open-source project, so if you want to help, certainly there are ways to contribute. Tom
