After the identity federation, the user or its proxy can
access different resources belonging to different nodes without bothering about repeated
authentication. This SSO service performs implicitly and has three different methods of
invocation to maintain flexibility for the user.
A Secur ty Solut on for Web-Serv ces Based Gr d Appl cat on
Copyright ?© 2007, Idea Group Inc. Copying or distributing in print or electronic forms without written permission
of Idea Group Inc. is prohibited.
Authorization
Authorization in WSGrid is naturally achieved by means of personal workspaces. One
user owns an individual workspace, which is not accessible to other users. A user can fully
control his workspace, including the configuration of his environment. The system leaves
all privileges to the space owner. In order to access the space, a requester must provide a
security token to prove ownership. This ensures security and privacy. Therefore, it is the
owner??™s responsibility to keep malignant codes away from the space. However, this causes
another problem. To share resources with another user, delegation must be allowed. In the
design of WSGrid, the delegation cannot be partial. This problem is solved by the use of
GateService.
Pages:
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455