Description of the work
Within the EMI project, work has started to first understand how SRM may be used over a standard SSL transport and then to extend the existing SRM clients and servers to achieve this. Since SSL does not provide a delegation mechanism, this work also involves establishing an alternative delegation mechanism for SRM. This work is conducted in collaboration with the SRM software providers outside the EMI.
SRM v2.2 is a standard protocol that allows end-users to manage their stored data and to negotiate which protocol is used to transport data, independently of which software is deployed. Storage software that supports SRM v2.2 is widely deployed within WLCG: there are currently over 400 SRM v2.2 endpoints registered.
The SRM protocol uses Globus' Grid Security Infrastructure (GSI) protocol as both a secure transport for sending messages and a mechanism to allow delegation. Delegation is the process where an SRM server obtains a short-lived credential from a user, allowing the server to act on behalf of that end-user. Such delegation is required for some SRM operations.
GSI has several drawbacks: it isn't a standard, there is only one provider of GSI software libraries, and it is incompatible with SSL, the current standard secure transport. This leads to duplication of code, as some grid software uses SSL while other software uses GSI.
Using the SRM protocol over standard SSL brings several advantages. In this paper, we discuss these advantages, present the progress in supporting SRM over SSL and detail the future plans.
Allowing clients and servers to use the standard SSL protocol brings several benefits. It allows storage software providers to choose which security implementation to use, potentially bringing performance gains. It also allows better tools for diagnosing problems and consolidation of software towards standards: one of the aims of the EMI project.