[Swift-devel] [Fwd: [jglobus-announce] CoG JGlobus Update]

Mon Aug 2 18:15:42 CDT 2010

FYI

This won't affect swift directly since jglobus is packaged as a cog4
module, but a few details on that module will have to change.

Mihael

-------- Forwarded Message --------
From: Rachana Ananthakrishnan <ranantha at mcs.anl.gov>
To: jglobus-dev at lists.globus.org, jglobus-user at lists.globus.org,
jglobus-announce at lists.globus.org
Subject: [jglobus-announce] CoG JGlobus Update
Date: Mon, 2 Aug 2010 17:07:13 -0500

We are planning the next major release of features provided by CoG
JGlobus and CoG JGlobus-FX libraries. The first update will cover the
GSI features, and will be followed up with support for GridFTP, GRAM and
MyProxy client libraries.

The primary goals of the release are

- upgrade third-party libraries
- port to standard security Java APIs
- improve package and distribution model
- deprecation of unused code

The upcoming release will be protocol compatible with CoG JGlobus
version 1.8.x, with some API and packages deprecated. The following are
the key changes planned for the libraries:

1. Packaging and distribution: The single jar distribution that
contains, GSI, GRAM, GridFTP, MDS and MyProxy clients, will be split
into separate logical packages and modules. The dependencies and
distribution will be managed using Maven.

2. Project and code repository: The project will be moved to SourceForge
and code will be maintained on GitHub. Repository will be open for read
access, with existing dev.globus committers continuing to have commit
rights on specific sub-projects.

3. Release plan: Detailed release plans for the library are being worked
on currently. CoG JGlobus GSI will be the first piece to be upgraded,
and is targeted for an alpha release in September 2010 release. This
will be followed-up by updated GridFTP, GRAM and MyProxy client
libraries. An alpha version of each these will be released a few weeks
for early testers.

4. Support: Support commitment will continue to be best-effort, and
support requests will be monitored on a user mailing list setup for the
project.

5. CoG JGlobus 1.x support: Support for existing library will continue
for upto 3 months after the 2.0 release, to support transition to the
new code base.

The GSI features will be the first set to be upgraded and released, and
the other clients will build on the new GSI library.

The key change will be the upgrade to use standard Java SSL library, and
replace PureTLS and supporting libraries. This will not only deprecate
the use of unsupported PureTLS, but also provide access to better
security algorithms, such has SHA2. The upcoming release will also use
Java Security Provider framework and standard API, thus facilitating use
of any standard provider implementations for processing certificates and
CRLs, path validation and trust managers.

Other than discontinuing of the PureTLS package and already deprecated
code, most of the existing API will be maintained, although many will be
deprecated to favor use of more standard APIs. There are no plans to
continue support for Tomcat connectors for GSI SSL (HTTPS and
delegation). Based on prototype work currently being done, the API
changes are documented
here: http://www.mcs.anl.gov/~ranantha/jGlobus/jGlobus-jGlobusAPIChanges-02Aug10-1223PM-4.pdf

The GSI pieces will be released as following software packages, with the
following Maven artifacts planned:

1. jGlobus GSI 2.0
1A. GSI Core - API for creation of proxy credentials, and utility API to
deal with proxy credentials/certificate chains, as needed.
1B. GSI TrustManager -  Trust Manager for Java SSL with support for RFC
3820 Proxy Certificate and Signing Policy and authorization.
1C. GSS-GSI - GSS API wrapper for standard SSL and GSI SSL (SSL with
delegation), with support for RFC 3820 Proxy Certificates and Signing
Policy.
1D. GSI CL - Client tools for certificate and proxy credential handling

2. jGlobus Connectors 2.0
2A. SSL Proxy Connectors -  Tomcat and JBoss connectors to enable SSL
with Proxy certificates

The  following shows some common library usage, and the module to
download. The dependencies for the module will automatically be resolved
and downloaded:

1. Command line clients (e.g grid-proxy-init) ,  GSI CL
2. GSS API to integrate with applications,  GSS-GSI
3. API to extract properties of credential (e.g identity or type of
proxy), GSI Core
4. Tomcat requiring SSL access and support for proxies and signing
policy, SSL Proxy Connectors

Similar details for the other modules in the library, that is GridFTP,
GRAM, MDS and MyProxy will be provided soon.

Please provide comments/feedback on the planned updates. If your
community has specific usage of the current libraries, that are not
covered by this plan, please let us know.

Thanks,
Rachana

Rachana Ananthakrishnan
Argonne National Lab | University of Chicago