Unicore6 integration with gLite3 and vice versa


Unicore6 integration with gLite3 and vice versa

by dejw

Hi,

I have a question about possible integration between unicore6 and gLite3
regarding user databases.

Is it possible to integrate somehow or synchronize between these two
middlewares?

In the unicore6 description I can see something like this:

" In the security domain, authentication and authorisation are based on
full X.509 certificates, SAML <http://xml.coverpages.org/saml.html>
assertions and XACML 1.0 <http://xml.coverpages.org/xacml.html>
authorisation policies; pluggable extensions for proxy certificates and
VO management are provided."

So is there any extension to unicore6 to accept gLite3 users? Do you
recognize then voms proxy certificates? I know there is extension for
unicore gateway to accept globus proxies - question is here do you
recognize also VO extension in voms proxy certificates? And how it is
consumed inside the unicore6?

Generally what scenarios are possible between Unicore6 and gLite3? total
synchronization between these two somehow? or only accepting glite3
users inside unicore6? or is it possible to accept unicore6 users in
glite3 infrastructure?

Regards,
Dawid

_______________________________________________
Unicore-support mailing list
Unicore-support@...
https://lists.sourceforge.net/lists/listinfo/unicore-support

Re: Unicore6 integration with gLite3 and vice versa

by Krzysztof Benedyczak

Hi Dawid,

Dawid Szejnfeld wrote:

> I have a question about possible integration between unicore6 and gLite3
> regarding user databases.
>
> Is it possible to integrate somehow or synchronize between these two
> middlewares?
>
> In the unicore6 description I can see something like this:
>
> " In the security domain, authentication and authorisation are based on
> full X.509 certificates, SAML <http://xml.coverpages.org/saml.html>
> assertions and XACML 1.0 <http://xml.coverpages.org/xacml.html>
> authorisation policies; pluggable extensions for proxy certificates and
> VO management are provided."
>
> So is there any extension to unicore6 to accept gLite3 users? Do you
> recognize then voms proxy certificates? I know there is extension for
> unicore gateway to accept globus proxies - question is here do you
> recognize also VO extension in voms proxy certificates? And how it is
> consumed inside the unicore6?
Plain globus proxies in essence don't provide authZ data but identity
so the things are simpler. There is no such plugin for VOMS ACs (details
below).


> Generally what scenarios are possible between Unicore6 and gLite3? total
> synchronization between these two somehow? or only accepting glite3
> users inside unicore6? or is it possible to accept unicore6 users in
> glite3 infrastructure?

Unfortunately the answer is rather negative. First of all there is no
support in UNICORE for VOMS attribute certificates. We're rather looking
forward to SAML VOMS issuing SAML assertions (what is used in U6). So
U6 won't be able to properly authorize ppl with ACs.

Looking at the opposite case (i.e. gLite accepting UNICORE 6 users): it
is the question of SAML-VOMS integration with the rest of the gLite
components. I'm not aware if (and if yes then to what extent) it is
possible to use SAML-VOMS in gLite today. Assuming the positive answer,
then it should be possible either directly or after minor development to
use UVOS users database in gLite: UVOS and SAML-VOMS use the same
protocol (SAML 2), mostly the same SAML profiles and there were some
interoperability test successfully performed.

Best regards
Krzysztof





Re: Unicore6 integration with gLite3 and vice versa

by dejw

Hi,

wow - quick answer ;) thx

do you know something more about this test you mentioned? --> "some
interoperability test successfully performed. "
Or are you able to point me someone involved?

Regards,
Dawid

Krzysztof Benedyczak wrote:

> Hi Dawid,
>
> Dawid Szejnfeld wrote:
>> I have a question about possible integration between unicore6 and
>> gLite3 regarding user databases.
>>
>> Is it possible to integrate somehow or synchronize between these two
>> middlewares?
>>
>> In the unicore6 description I can see something like this:
>>
>> " In the security domain, authentication and authorisation are based
>> on full X.509 certificates, SAML
>> <http://xml.coverpages.org/saml.html> assertions and XACML 1.0
>> <http://xml.coverpages.org/xacml.html> authorisation policies;
>> pluggable extensions for proxy certificates and VO management are
>> provided."
>>
>> So is there any extension to unicore6 to accept gLite3 users? Do you
>> recognize then voms proxy certificates? I know there is extension for
>> unicore gateway to accept globus proxies - question is here do you
>> recognize also VO extension in voms proxy certificates? And how it is
>> consumed inside the unicore6?
> Plain globus proxies in essence don't provide authZ data but
> identity so the things are simpler. There is no such plugin for VOMS
> ACs (details below).
>
>
>> Generally what scenarios are possible between Unicore6 and gLite3?
>> total synchronization between these two somehow? or only accepting
>> glite3 users inside unicore6? or is it possible to accept unicore6
>> users in glite3 infrastructure?
>
> Unfortunately the answer is rather negative. First of all there is no
> support in UNICORE for VOMS attribute certificates. We're rather
> looking forward to SAML VOMS issuing SAML assertions (what is used in
> U6). So U6 won't be able to properly authorize ppl with ACs.
>
> Looking at the opposite case (i.e. gLite accepting UNICORE 6 users):
> it is the question of SAML-VOMS integration with the rest of the gLite
> components. I'm not aware if (and if yes then to what extent) it is
> possible to use SAML-VOMS in gLite today. Assuming the positive
> answer, then it should be possible either directly or after minor
> development to use UVOS users database in gLite: UVOS and SAML-VOMS
> use the same protocol (SAML 2), mostly the same SAML profiles and
> there were some interoperability test successfully performed.
>
> Best regards
> Krzysztof
>
>



Re: Unicore6 integration with gLite3 and vice versa

by Krzysztof Benedyczak

Hi,

Dawid Szejnfeld wrote:
> Hi,
>
> wow - quick answer ;) thx
>
> do you know something more about this test you mentioned? --> "some
> interoperability test successfully performed. "
> Or are you able to point me someone involved?
The tests were performed internally by Valerio Venturi and myself around
1,5 years ago. Later AFAIK Valerio performed some demo during
Supercomputing but I was not there.

The tests were quite simple as only one feature (but key one ;-) was
tested: so called self attribute query, i.e. when an entity is asking
the SAML service about attributes it possesses. The tests were performed
in that way that VOMS client(*) and UVOS client were asking the UVOS and
VOMS server respectively. In both cases clients were able to output
*parsed* attributes.


* - I'm not sure about how final was the VOMS client. Maybe it was just
a test application, however I hope that the similar logic is used now as
was implemented in the app used during tests.

Best
Krzysztof
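
The self attribute query described in the message above, sketched as an added example; it is not code from UVOS, VOMS or the thread's authors. The DN, the attribute name and the minimal stand-in response are constructed, and the use of X509SubjectName name identifiers is an assumption.

```python
# Added example; DNs, attribute names and the response are constructed.
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
P, A = "{%s}" % NS["samlp"], "{%s}" % NS["saml"]
X509_FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

def build_self_query(dn):
    """Self query: the requester (Issuer) asks about itself (Subject)."""
    rid = "_" + uuid.uuid4().hex
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    q = ET.Element(P + "AttributeQuery", {"ID": rid, "Version": "2.0", "IssueInstant": now})
    ET.SubElement(q, A + "Issuer", {"Format": X509_FMT}).text = dn
    ET.SubElement(ET.SubElement(q, A + "Subject"), A + "NameID", {"Format": X509_FMT}).text = dn
    return rid, ET.tostring(q, encoding="unicode")

def constructed_response(rid, dn, attrs):
    """Stand-in for the attribute service (unsigned, minimal, not schema-complete)."""
    r = ET.Element(P + "Response", {"ID": "_resp1", "Version": "2.0", "InResponseTo": rid})
    ET.SubElement(ET.SubElement(r, P + "Status"), P + "StatusCode", {"Value": SUCCESS})
    a = ET.SubElement(r, A + "Assertion", {"ID": "_a1", "Version": "2.0"})
    ET.SubElement(ET.SubElement(a, A + "Subject"), A + "NameID", {"Format": X509_FMT}).text = dn
    stmt = ET.SubElement(a, A + "AttributeStatement")
    for name, values in attrs.items():
        at = ET.SubElement(stmt, A + "Attribute", {"Name": name})
        for v in values:
            ET.SubElement(at, A + "AttributeValue").text = v
    return ET.tostring(r, encoding="unicode")

def parse_attributes(response_xml, rid, dn):
    """Return {name: [values]}; refuse answers not bound to our request and DN."""
    if "<!DOCTYPE" in response_xml:
        raise ValueError("DTDs are not allowed in SAML messages")
    r = ET.fromstring(response_xml)
    code = r.find("samlp:Status/samlp:StatusCode", NS)
    if r.get("InResponseTo") != rid or code is None or code.get("Value") != SUCCESS:
        raise ValueError("response not bound to our request or not successful")
    out = {}
    for a in r.findall("saml:Assertion", NS):
        name_id = a.find("saml:Subject/saml:NameID", NS)
        if name_id is None or name_id.text != dn:  # assumes identical DN encoding
            raise ValueError("assertion describes a different subject")
        for at in a.findall("saml:AttributeStatement/saml:Attribute", NS):
            out.setdefault(at.get("Name"), []).extend(
                v.text for v in at.findall("saml:AttributeValue", NS))
    return out  # a real client must also verify the signature and validity period
```

The parsed attributes are only as trustworthy as the checks around them: an interoperable parser that skips signature and validity checks would accept attributes from anyone.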
