ETOKEN

About

A standard-based solution developed by the INFN Catania for central management of robot credentials and provisioning of digital proxies to get seamless and secure access to computing e-Infrastructures supporting the X.509 standard for Authorisation.

This is a servlet based on the Java™ Cryptographic Token Interface Standard (PKCS#11). For any further information, please visit the official Java™ PKCS#11 Reference Guide [1]. By design, the servlet is compliant with the policies reported in these docs [1][2].

The business logic of the library, deployed on top of an Apache Tomcat Application Server, combines different programming native interfaces and standards.

The high-level architecture of the eToken servlet is shown in the below figure:

The business logic has been conceived to provide “resources” (e.g. complaint VOMS proxies) in a “web-manner” which can be consumed by authorized users, client applications and by portals and Science Gateways. In the current implementation, robot certificates have been safely installed on board of SafeNet [3] eToken PRO [4] 32/64 KBytes USB smart cards directly plugged to a remote server which serve, so far, six different Science Gateways.

The complete list of software, tools and APIs we have used to implement the new crypto library interface are listed below:

• Apache Application Server [5],
• JAX-RS, the Java API for RESTful Web Services (JSR 311 standard) [6],
• Java Technology Standard Edition (Java SE6) [7],
• The Cryptographic Token Interface Standard (PKCS#11) libraries [8],
• The open-source BouncyCastle Java APIs [9],
• The JGlobus-Core Java APIs [10],
• The VOMS-clients Java APIs [11],
• The VOMS-Admin Java APIs [12].

Installation

For more details about how to configure and install the servlet, please refer to the installation document.

Usage

For more details about how to work with the servlet, please refer to the installation document.

Contributor(s)

Please feel free to contact us any time if you have any questions or comments.

Authors:

Roberto BARBERA - Italian National Institute of Nuclear Physics (INFN),

Giuseppe LA ROCCA - Italian National Institute of Nuclear Physics (INFN),

Salvatore MONFORTE - Italian National Institute of Nuclear Physics (INFN)

• HOW TO INSTALL AND CONFIGURE THE ETOKEN & THE MYPROXY SERVLETS
  • About this document
  • Chapter I - System and Software Requirements
  • Chapter II - Installation & Configuration
  • Chapter III - Installing Apache Tomcat
  • Chapter IV - Usage
  • Chapter V - Some RESTful APIs
  • Appendix I - Administration of the eToken smart cards
  • Appendix II - Increase “Open Files Limit”
  • Appendix III - Configure GlassFish settings
  • Troubleshooting
  • Log Files
  • Contributor(s)