An Online Credential Repository for the Grid: MyProxy
نویسندگان
چکیده
Grid Portals, based on standard Web technologies, are increasingly used to provide user interfaces for Computational and Data Grids. However, such Grid Portals do not integrate cleanly with existing Grid security systems such as the Grid Security Infrastructure (GSI), due to lack of delegation capabilities in Web security mechanisms. We solve this problem using an online credentials repository system, called MyProxy. MyProxy allows Grid Portals to use the GSI to interact with Grid resources in a standard, secure manner. We examine the requirements of Grid Portals, give an overview of the GSI, and demonstrate how MyProxy enables them to function together. The architecture and security of the MyProxy system are described in detail.
منابع مشابه
The MyProxy online credential repository
The MyProxy online credential repository has been used by the grid computing community for over four years for managing security credentials in the grid public key infrastructure. MyProxy improves usability by giving users access to their credentials over the network using password authentication, allowing users to delegate their credentials via web browser interfaces to the grid, and supportin...
متن کاملCredential Wallets: A Classification of Credential Repositories Highlighting MyProxy
In recent years, individuals have experienced an increased requirement for digitally identifying themselves, in both their work and personal lives. People typically have multiple credentials for digitally identifying themselves to different online software or services in different roles (for example, different credentials for work and home). We are looking for technology that allows users to ma...
متن کاملA Mediated RSA-based End Entity Certificates Revocation Mechanism with Secure Concerned in Grid
The End Entity Certificates (EECs) revocation mechanism in Grid Security Infrastructure (GSI) adopts Certificate Revocation List (CRL) currently. However, CRL is an inefficient mechanism with drawbacks of “time granularity problem” and unmanageable sizes. This paper presents a new EECs revocation mechanism MEECRM (Mediated RSA-based End Entity Certificates Revocation Mechanism) to eliminate “ke...
متن کاملWhich Certificate Authority Should LIGO Use?
LIGO wishes to remove the burden from users of requesting, retrieving, and managing X.509 digital certificates and the associated private keys. A new authentication and authorization infrastructure design includes deploying MyProxy servers at all LIGO computing sites, and storing X.509 certificates and private keys in the MyProxy repositories. Rather than generating a proxy certificate using a ...
متن کاملSimplifying Public Key Credential Management Through Online Certificate Authorities and PAM
The secure management of X509 certificates in heterogeneous computing environments has proven to be problematic for users and administrators working with Grid deployments. We present an architecture based on short lived X509 credentials issued by a MyProxy server functioning as an Online Certificate Authority, on the basis of initial user authentication via PAM (Pluggable Authentication Modules...
متن کامل