next up previous
Next: Internal structure Up: Developer Guide for EDG Previous: Components

Authorization Manager

The Authorization Manager is a Java-based coarse-grained authorization module able to decide whether a grid client is associated with a given attribute (also known as 'role').
The Authorization Manager verifies whether the subject DN is associated with a given attribute. Optionally it can perform a translation phase: after establishing that the client indeed is authorized, it translates the associated attribute into a local-ID value, understandable by the specific target application.
Figure: Authorization decision flow
1#1

If any of the two lookup operations returns a no-hit the authorization fails.



Subsections

2004-07-02