[seek-dev] FW: OGSA-DAI Query Number 60

Bing Zhu bzhu at sdsc.edu
Mon Aug 25 14:18:02 PDT 2003 

-----Original Message-----
From: OGSA-DAI Support [mailto:support at ogsadai.org.uk]
Sent: Monday, August 25, 2003 7:40 AM
To: Bing Zhu
Subject: RE: OGSA-DAI Query Number 60



Hi Bing,

> Regarding to my first question, if a user is not allowed to specify
> a database name, user name and password, how can different users
> query a MySql database with different user names and passwords?
> For this, I can see OGSA-DAI only works in case of using GSI
authentication
> in which a DN string is mapped to a DB user name and password specified in
> the file, ExampleDatabaseRoles.xml.

You are correct, if you want each user to use a different username and
password for the database then they will have to supply a X.509
certificate and have an entry in ExampleDatabaseRoles.xml.  In this
respect the security model is similar to the gridmap file of Globus 2 (if
you're familiar with that) in which a certificate DN is mapped to a local
unix user name.  You have the flexibility that you can map different users
to the same username if you so desire.  It's also anticipated that a
future release of OGSA-DAI will include more security support, such as
message level security which will require the use of certificates.

> And also, I didn't see a way for a user to query different MySql databases
> running in one host even I put several entries of <driverURI> element for
> several databases in the file, dataResourceConfig.xml, since a query via a
> perform document doesn't specify (actually is not allowed to specify) a
> database
> name.

The database name cannot be specified anywhere because the idea is that
each GDSF is supposed to represent one particular data resource (ie
database).  If you want to have access to different databases then you
need to configure a separate GDSF for each database, and then access the
appropriate GDSF.  Previous versions of OGSA-DAI did allow you to setup a
GDSF to access more than one database but this was changed in version 3 to
follow the specification being developed by the DAIS-WG of GGF.  I have to
say I've not been following this group closely but you can find more
information and documents here:

http://www.cs.man.ac.uk/grid-db/

Hope this helps.
Best Regards,
Jeremy

--
OGSA-DAI Support provided by the UK Grid Support Centre
email:  support at ogsadai.org.uk
www:    http://www.ogsadai.org.uk/support/
UK GSC: http://www.grid-support.ac.uk/

More information about the Seek-dev mailing list