Collections are discoverable access points that allow data to be transferred through GridFTP or HTTPS.
A collection consists of metadata about the collection, a DNS domain for accessing data on the collection, and configuration on the Data Transfer Nodes to access the collection data. Globus Connect Server version 5 supports two types of collections: mapped and guest.
A mapped collection allows access to data for users who have accounts in the storage gateway’s user space (or local account). The collection uses the identity mapping method configured on the storage gateway to map the Globus account of the user accessing the collection to an account in the storage gateway’s user space. All accesses to the data on the collection are performed using the local account and (if needed for the storage gateway) the account’s credentials.
Mapped collections can only be created by those with an owner role on the endpoint, and can be created against any storage gateway that exists on the endpoint.
In addition, a mapped collection has optional properties to allow users to share data. The properties allow_guest_collections and sharing_restrict_paths configure the sharing option. These options are only allowed on endpoints covered under a subscription.
Currently, mapped collections can be created using the globus-connect-server collection create command line tool.
A guest collection is a collection that uses an existing mapped collection and adds the ability for a user to share access to their data on that collection. All access to the data is performed using the account of the user who created the guest collection. That user can also add entries to an access control list to allow others to access some parts of the guest collection owner’s data.
A guest collection document has the additional properties mapped_collection_id and user_credential_id, which describe the relationship between the guest collection and the mapped collection on which it was created, and the credential used for data access.
Currently, guest collections can be created using the Shares tab of the collection’s endpoint on the Globus web application.
Both mapped and guest collections can be accessed using the Globus transfer service or (if the endpoint is managed) via HTTPS on the Data Transfer Nodes. In either case, access to a collection is authenticated with Globus Auth-issued access tokens, with data access policies defined in the storage gateway and collection.
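
The sharing properties on mapped collections and the linking properties on guest collection documents described above can be reviewed together. The following is an added example, not code from Globus: a small audit over collection documents that flags mapped collections with sharing enabled but no sharing_restrict_paths, and guest collections whose mapped_collection_id or user_credential_id is missing or inconsistent. The field names id and collection_type, the shape of the sharing_restrict_paths value, and all sample documents are assumptions constructed for illustration.

```python
# Added example: audit collection documents for sharing-related misconfiguration.
# "id" and "collection_type" are assumed field names; the other four property
# names come from the text above. All sample documents are constructed.

def audit_collections(docs):
    """Return a sorted list of (collection_id, finding) tuples."""
    mapped = {d["id"]: d for d in docs if d.get("collection_type") == "mapped"}
    findings = []
    for d in docs:
        cid, ctype = d["id"], d.get("collection_type")
        if ctype == "mapped":
            # Sharing is on, but nothing narrows which paths users may share.
            if d.get("allow_guest_collections") and not d.get("sharing_restrict_paths"):
                findings.append((cid, "sharing enabled without sharing_restrict_paths"))
        elif ctype == "guest":
            # A guest collection must name its parent and its access credential.
            for field in ("mapped_collection_id", "user_credential_id"):
                if not d.get(field):
                    findings.append((cid, f"guest collection missing {field}"))
            parent = mapped.get(d.get("mapped_collection_id"))
            if d.get("mapped_collection_id") and parent is None:
                findings.append((cid, "parent mapped collection not found"))
            elif parent is not None and not parent.get("allow_guest_collections"):
                findings.append((cid, "parent mapped collection does not allow guest collections"))
        else:
            findings.append((cid, f"unknown collection_type {ctype!r}"))
    return sorted(findings)

# Constructed sample inventory (not real collection IDs or credentials).
SAMPLE = [
    {"id": "mc-1", "collection_type": "mapped", "allow_guest_collections": True,
     "sharing_restrict_paths": {"read": ["/projects/public"]}},  # assumed shape
    {"id": "mc-2", "collection_type": "mapped", "allow_guest_collections": True},
    {"id": "mc-3", "collection_type": "mapped", "allow_guest_collections": False},
    {"id": "gc-1", "collection_type": "guest",
     "mapped_collection_id": "mc-1", "user_credential_id": "cred-1"},
    {"id": "gc-2", "collection_type": "guest",
     "mapped_collection_id": "mc-3", "user_credential_id": "cred-2"},
    {"id": "gc-3", "collection_type": "guest", "mapped_collection_id": "mc-9"},
]

if __name__ == "__main__":
    for cid, finding in audit_collections(SAMPLE):
        print(f"{cid}: {finding}")
```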