Perun service is the way how the Perun system propagates access control information to the services.

There are two different types of services:

• Non-web services

• Web services

Non-web services cannot be accessed via a web browser. Therefore we cannot use federated identity concept here. Example of such services is computational nodes, mailing lists, storages.

In the Perun system, those services are expressed as a facility. The facility then provides so-called resources which are available (under defined conditions) to users organized into virtual organizations and groups. More information...

The facility can be structured: e.g. cluster can contain several nodes. Services are propagated to each node in the same way. Structured parts of the facility are named destinations. It is possible to connect a service just to one specific destination without affecting other ones. Read more here.

Provisioning of services (propagation) is automatically triggered by an event in the Perun system. Each service has a special event for its propagation. Propagation of service can also be forced from GUI or CLI. Services are usually realized by two steps that means two scripts:

• Master

• Slave

MASTER script is performed at Perun server. It reads the data from the database and prepares it as a file in the required structure. Usually, the script sends this file to a targeted device (defined by destinations). Data for MASTER script are defined by attributes. Each service has several required attributes which are necessary for a successful run of service.

More about attributes and how to set them.

SLAVE script is executed at the target device. It reads file sent by master and executes needed commands. Slave scripts can be modified for particular using by pre and post scripts. Pre script starts working before the slave script and post script after ending of the slave script.

For more detailed description of services follow this link and also this manual.

Example of internal Service.