Project

General

Profile

Actions

Bug #1163

open

install and configure certificate authority system for ecogrid

Added by Matt Jones over 20 years ago. Updated over 18 years ago.

Status:
New
Priority:
Immediate
Assignee:
Category:
ecogrid
Target version:
Start date:
09/26/2003
Due date:
% Done:

0%

Estimated time:
Bugzilla-Id:
1163

Description

We need a common mechanism for authenticating users for EcoGrid. We have
general agreement that the OGSA Grid Security Infrastructure (GSI) is the right
way to handle this. For that to work, every user needs to have a public key
certificate which is signed by a certificate authority (CA). In Seattle Sept 23
the EcoGrid team agreed that the best way to handle this is through a
hierarchichal certificate granting structure. A root EcoGrid CA will sign
certificates for various organizations such as LTER and NCEAS, and they in turn
will sign certificates for users in their organization. This 'chain-of-trust',
if properly managed, should establish strong security and be scalable to the >
5000 scientists in our current personnel directories.

Each of these trusted CA's would probably also act as one of the distributed
EcoGrid Registries for locating services throughout the grid.

For this to work, we need a simple system in place for users to request
certificates and for the CA admins to sign them. Matt agreed to tackle this.

The tricky issues remaining here include:
1) What system can be used for distributing DN info to mapfiles?
2) How can browser-based interfaces be used with certificates?

Actions #1

Updated by Matt Jones over 18 years ago

This system will instead be implemented by the GAMA server using MyProxy. We
will automatically generate certificates for accounts that are validated. Jing
has been working on the GAMA side of things for SEEK, and GEON already has a
GAMA server in place.

Actions #2

Updated by Redmine Admin almost 11 years ago

Original Bugzilla ID was 1163

Actions

Also available in: Atom PDF