EMI Registry (EMIR) Service Reference Card

Functional Description

EMI Registry(EMIR) is a federated service registry aimed at discovering the services in a robust, scalable, and secure manner. The clients and external service providers can use the REST API to register and discover the service endpoints.

Daemons Running

N/A

Init Scripts And Options (start|stop|restart|...)

The EMIR server can be started/stopped through the shell scripts, which are being included in the binary and source distribution. The location of these scripts varies depending on type of to-be-installed bundle. If using the RPM distribution, the emir server can be started or stopped with "/etc/init.d/emi-emir" script.

Configuration Files Location With Example Or Template

The configuration files can be found under the "conf" directory, the files are:

• dsr.config: main configuration of the server port, acl, and scope
• certs: includes the demo server and user certificates
• log4j.properties: logging configuration
• emir.acl: contains pairs of X500 principal and the associated role
• inputfilters: containing a set of attributes which will be matched against every incoming registration request to the server, thus rejects if matched successfully
• outputfilters: containing a set of attributes, which prevents synchronization of matching service endpoint information with other registry nodes
• xacml2Policies: Containing a collection of XACML 2.0 compliant policy files,
• xacml2.config: configuration for setting up the XACML 2.0 engine
• users: Have XML files containing users' attributes

In Linux distribution, e.g. RPM or .deb, the configuration files can be located in /etc/emi/emir.

Log File Locations (And Management) And Other Useful Audit Information

The default log files can be located inside logs folder. The logs normally get appended on daily basis, however, the behavior can be controlled/changed by editing the log4j.properties file (see the previous section). In case of Linux, the logs can be found under /var/lib/emi/emir.

Open Ports

The default opened port is 54321, the property can be found and changed in dsr.config file.

Possible Unit Test Of The Service

The test run internally while building with maven, thus can be executed with "mvn test" command

Where Is Service State Held (And Can It Be Rebuilt)

The state is being maintained in MongoDB and embedded SQL datasore. Therefore, while installing it is essential pre-requisite to setup the MongoDB (v2.x.x), the configuration for setting up the database is mentioned in the dsr.config file

CRON Jobs

N/A

Security Information

Access Control Mechanism Description

The access control mechanism in EMIR is decentralized, implying every EMIR server node has its own access control policies. There are two alternatives to perform access control, which can be used exclusively, i.e. ACL, XACML

How To Block/Ban A User

By removing the entry (X500 principal) from acl file will prevent the client from registering the service endpoint information, though the client with valid X.509 will still be able to access the query interface.

Network Usage

EMIR requires a single port to server the client requests

Firewall Configuration

N/A

Security Recommendations

Avoid running as root user

Security Incompatibilities

N/A

List Of External Packages That Are Not Maintained By The Supported OS

N/A

Utility Scripts

N/A -- ShirazMemon - 16-Nov-2011