
CSM

CSM Service


The Common Security Module Service provides a caGrid service interface to administer authorizations based on the Common Security Module (CSM). It also provides integration between CSM and Grid Grouper, enabling authorization policies to be based on groups in Grid Grouper.  The CSM Service also provides a GAARDS UI module to administer authorization policies through the GAARDS UI.
CSM provides security tools that give application/service developers a flexible solution for authentication. When CSM is used to enforce authorization policies, the policies are managed by the CSM service. In other words, CSM is a mechanism for making authorization decisions that determine whether someone is allowed to do something. The policy information that CSM uses to make decisions is kept in database tables. In addition to administering authorization policies, the CSM service can import user group definitions from gridGrouper into the CSM tables and then poll gridGrouper for updates to the group definitions.

The following diagram shows how the CSM service collaborates with its user interface and other parts of the caGrid environment:

Here are descriptions of the collaborations shown in the diagram:

  1. From within the GAARDS UI, the CSM service client sends queries and updates to the CSM service.
  2. In response to its client, the CSM service queries and updates the tables that contain CSM authorization policy information.
  3. When the client is asked to present a selection of user groups from gridGrouper for import into CSM, the client queries gridGrouper to obtain that information.
  4. If the user wants to select an individual identity, the client will query Dorian for a list of identities to select from.
  5. The CSM service polls caGrid for updates to groups that have previously been imported into CSM.

Notice that the CSM service is not involved in making run-time authorization decisions for other services or applications. The only connection between the CSM service and the making of authorization decisions is through updates to the CSM tables.
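
An added example (not caGrid or CSM code) of the separation described above: a poll cycle reconciles an imported group into local policy tables, while the run-time check reads only those tables, so a revocation at the group source takes effect at the next poll. The schema, function names and identities are hypothetical and constructed for illustration.

```python
import sqlite3

def open_policy_db():
    """In-memory stand-in for the authorization tables (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE group_member (grp TEXT, identity TEXT, PRIMARY KEY (grp, identity));
        CREATE TABLE group_permission (grp TEXT, resource TEXT, privilege TEXT);
    """)
    return db

def sync_group(db, grp, remote_members):
    """One poll cycle: reconcile a previously imported group with its source.
    Removals are applied as well as additions; skipping removals would leave
    revoked identities authorized indefinitely.
    """
    local = {r[0] for r in db.execute(
        "SELECT identity FROM group_member WHERE grp = ?", (grp,))}
    remote = set(remote_members)
    added, removed = remote - local, local - remote
    with db:  # single transaction, so readers never see a half-applied update
        db.executemany("INSERT INTO group_member VALUES (?, ?)",
                       [(grp, i) for i in added])
        db.executemany("DELETE FROM group_member WHERE grp = ? AND identity = ?",
                       [(grp, i) for i in removed])
    return sorted(added), sorted(removed)

def is_authorized(db, identity, resource, privilege):
    """Run-time decision: reads only the local tables, never the group source."""
    row = db.execute("""
        SELECT 1 FROM group_member m JOIN group_permission p ON p.grp = m.grp
        WHERE m.identity = ? AND p.resource = ? AND p.privilege = ? LIMIT 1
    """, (identity, resource, privilege)).fetchone()
    return row is not None

def demo():
    db = open_policy_db()
    with db:
        db.execute("INSERT INTO group_permission VALUES ('curators', 'dataset-1', 'UPDATE')")
    source = {"/O=Example/CN=alice", "/O=Example/CN=bob"}  # constructed identities
    sync_group(db, "curators", source)               # initial import
    source.discard("/O=Example/CN=bob")              # membership revoked at the source
    before = is_authorized(db, "/O=Example/CN=bob", "dataset-1", "UPDATE")
    _, removed = sync_group(db, "curators", source)  # next poll
    after = is_authorized(db, "/O=Example/CN=bob", "dataset-1", "UPDATE")
    return before, removed, after
```

The interval between polls is the window in which a revoked member is still authorized, so it belongs in the threat model alongside the policy itself.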

Last edited by
Keith Gasper (707 days ago)