Using Security with OGSA-DAI Clients

The ListResources, GetProperty and EndToEndClient clients support both message-level and transport-level security. The command line options to configure security are described here.

Contacting Services that expect Message-level security

To use message-level security, clients must specify a security descriptor file that describes the type of message-level security they wish to use. Client-side security descriptors are described in detail in the Globus Toolkit "Writing client side security descriptors" documentation [1].

An example client-side security descriptor file is shown here:
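The following descriptor is an added example, not the page's original listing: it expresses the settings described in the next paragraph using the Globus Toolkit 4.0 client security descriptor elements documented in [1]. The element and attribute names are taken from that format; the delegation element's name and value are an assumption to verify against the reference.

```xml
<!-- Added example of a GT4-style client security descriptor (assumed format, see [1]).
     Pass its absolute path to the client with -Ddai.mls.desc=... -->
<securityConfig xmlns="http://www.globus.org">

  <!-- GSI secure conversation. <privacy/> signs AND encrypts every message;
       use <integrity/> instead when signing alone is sufficient. -->
  <GSISecureConversation>
    <privacy/>
  </GSISecureConversation>

  <!-- Host authorization: the service's host credential must match the
       hostname in the service URL, otherwise the client refuses to talk to it. -->
  <authz value="host"/>

  <!-- Full delegation hands the service a proxy it can use on your behalf;
       prefer "limited" unless the service genuinely needs to act as you.
       (Element assumed from the GT4 client descriptor format.) -->
  <delegation value="full"/>

</securityConfig>
```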


This security descriptor specifies that GSI secure conversation is to be used with privacy (encryption) and full delegation. Host authorization ensures that the server's host credential matches the hostname of the URL used to access the server.

To specify that the client is to use message-level security you must write an appropriate security descriptor file and then specify the absolute path to the file using the following command line argument:

  -Ddai.mls.desc=ABSOLUTE-PATH-TO-SECURITY-DESCRIPTOR

For example:

$ ant dataServiceClient \
 -Ddai.url=http://myComputer.myCompany.com:8080/wsrf/services/ogsadai/MyDataService \
 -Ddai.resource.id=MySQLResource \
 -Ddai.action=examples/Perform/JDBC/query/select1Row.xml \
 -Ddai.mls.desc=/home/me/myMessageLevelSecurityDescriptor.xml

Contacting Services that expect Transport-level security

To use transport-level security you must specify the https protocol rather than http in the service URL. Note that the port used by the service for https may also be different from that used by http. For example a service that accepts both message-level and transport-level security may support http on port 8080 and https on port 8443.

In addition to these changes to the URL, to use transport-level security with the OGSA-DAI clients you must also specify the level of transport security you require. There are two options available: integrity and encryption. With the integrity option data integrity is guaranteed (i.e. it cannot be altered by third parties) but the data is not encrypted. With the encryption option data integrity is also guaranteed, but additionally the data is encrypted so that it cannot be read by third parties.

The level of transport-level security to apply is specified using the following command line argument:

 -Ddai.tls=integrity | encryption

For example:

$ ant dataServiceClient \
 -Ddai.url=https://myComputer.myCompany.com:8443/wsrf/services/ogsadai/MyDataService \
 -Ddai.resource.id=MySQLResource \
 -Ddai.action=examples/Perform/JDBC/query/select1Row.xml \
 -Ddai.tls=encryption

References

[1] http://www-unix.globus.org/toolkit/docs/4.0/security/authzframe/security_descriptor.html#s-authzfram-client-secdesc