Communicating Security Assertions over the GridFTP Control Channel

摘要

The GridFTP [1] protocol defines a general-purpose mechanism for secure, reliable, high-performance data movement. GridFTP has been widely used for efficiently transferring large volumes of data. It is based on the Internet FTP protocol and thus involves two communication channels: a control channel and a data channel. The commands and responses flow over the control channel, and the data is transmitted over the data channel. The Globus implementation of GridFTP [2] has a modular structure that supports multiple security options, multiple transport protocols, coordinated data transfer using multiple computer nodes at the source and destination, and other desirable features. The Globus GridFTP design supports secure authentication of control channel requests via the Grid Security Infrastructure (GSI), Kerberos, or an SSH security mechanism. GSI is the commonly used security mechanism for GridFTP transfers.