CSM Service


The CSM (Common Security Module) Service is a caGrid service interface to administer authorizations based on the Common Security Module (CSM). It also provides integration between CSM and Grid Grouper, enabling authorization policies to be based on user groups in one or more Grid Grouper instances. There is a companion GAARDS UI module to administer authorization policies through the CSM service.
CSM security tools provide caGrid service developers with a flexible solution for authorization. When using CSM to enforce authorization policies, the policies are managed by the CSM service. In other words, CSM is a mechanism for making authorization decisions that determine if someone is allowed to do something. The policies that CSM uses to make decisions are kept in database tables.

When the CSM service is used to administer CSM policies, the service manipulates policies that are stored in the database tables. The CSM service is not usually involved in making authorization decisions for other services. See the overview of CSM for links to mechanisms that make authorization decisions. See the Architecture Guide for a discussion of how the CSM service and database tables interact with caGrid services.

In addition to administering authorization policies, the CSM service can import user group definitions from Grid Grouper into the CSM tables and then poll Grid Grouper for updates to the group definitions.

The following diagram shows how the CSM service collaborates with its user interface and other parts of the caGrid environment:

Here are descriptions of the collaborations shown in the diagram:

  1. From within the GAARDS UI, the CSM service client sends queries and updates to the CSM service.
  2. In response to its client, the CSM service queries and updates the database tables that contain CSM authorization policy information.
  3. When the client is asked to present a selection of user groups from Grid Grouper for import into CSM, the client queries Grid Grouper to obtain that information.
  4. If the user wants to select an individual identity, the client queries Dorian for a list of identities to select from.
  5. The CSM service polls caGrid for updates to groups that have previously been imported into CSM.
Last edited by
Mark Grand (699 days ago) , ...