[transfer-api] the ID

Bryce Allen ballen at ci.uchicago.edu
Fri Feb 3 17:27:04 CST 2012


On Fri, 03 Feb 2012 15:47:56 -0500
Maxim Potekhin <potekhin at bnl.gov> wrote:
> Is there a way to check if it's activated?
Both the endpoint document and activation_requirements documents
contain the current activation state.
https://transfer.api.globusonline.org/v0.10/document_type/activation_requirements/field_list.html?fields=name,type,self_link,description
https://transfer.api.globusonline.org/v0.10/document_type/endpoint/field_list.html?fields=name,type,self_link,description

For example:

_, _, data = api.endpoint(name)
print data["expire_time"]
print data["activated"]
print data["expires_in"]

If all you care about is T/F:

print api.endpoint(name, fields="activated")[2]["activated"]


> > If you have a credential stored in a myproxy server, you can just
> > use the myproxy activation method instead of delegate_proxy, as
> > long as you don't mind sending the password to GO.
> That's not an option, unfortunately. I wish there was a password-less 
> way to access
> myproxy -- which does exist in the myproxy client but is not
> supported through GO.
Do you mean using Kerberos or X.509 authentication instead of password
authentication, or using the -r/-R/-Z options? It may be possible for
GO to support this in the future. It would require GO to have a
credential that is trusted by the myproxy server, and then users could
specify that the DN of the GO credential has access with -r. I think
there is already work going on for automatic renewal; it might be some
variation on this method.


> So, to recap, do you think the following scenario would work, on my 
> semi-functional
> platform:
> a) users are required to periodically create a X509 proxy on a 
> particular host and activate their
> end-points (done by each user separately) by delegation
> b) pilots do not activate end-points but watch their expiration and 
> e-mail the user if there is a problem
Yes that should work.


> Just out of curiosity, back to my question -- at least in theory, can
> I put a signed credential on
> myproxy and pull it into the pilot job if necessary for delegation?
> I'm not saying this is the way I'll
> go, just want to see if that's an option.
I'm not sure what you mean. If the machine running the pilot job had
mkproxy or M2Crypto, it could use myproxy-logon to get the credential,
then use delegate_proxy activation with that credential. If the
credential was protected only by passphrase and the server publicly
accessible (or at least to GO), then you could use the myproxy
activation method.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
URL: <https://lists.globusonline.org/mailman/private/transfer-api/attachments/20120203/3542a453/attachment.pgp>


More information about the transfer-api mailing list