Next: Internal structure
Up: Developer Guide for EDG
Previous: Components
The Authorization Manager is a Java-based coarse-grained authorization module
able to decide whether a grid client is associated with a given attribute
(also known as 'role').
The Authorization Manager verifies whether the subject DN is
associated with a given attribute. Optionally it can perform a
translation phase: after establishing that the client indeed is authorized,
it translates the associated attribute into a local-ID value,
understandable by the specific target application.
Figure:
Authorization decision flow
1#1
|
If any of the two lookup operations returns a no-hit the authorization fails.
Subsections
2004-07-02