WS-Trust and delegation

A discussion often taking place within the Grid community is the Grid Security Infrastructure (GSI) and the use of modified X.509 certificates for delegation scenarios (RFC 3820 – “Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate Profile”). Not everyone agrees with the approach and, hence, the use of GSI sometimes means non-interoperable solutions. Credential-delegation, however, is often required in Grid and other environments.

I have blogged in the past about the work on delegation using SAML by my friend Marty and his team in Virginia. Today I had a look at the updated version of the WS-Trust (February 2005) specification and I saw that delegation is supported (I don’t know whether it was there in the previous version) in a WS environment and for any security tokens (not just X.509 certificates). This is very good news and another reason why the Grid community should be helping the industry to standardise and build the WS stack rather than trying to impose its own infrastructure (e.g. OGSI, WSRF, GSI).

Comments are closed.