[caops-wg] OCSP APIs for MyProxy and GT4 - Requirements document?

Jesus Luna jluna at ac.upc.edu
Tue Oct 24 14:43:21 CDT 2006 

Mike Helm wrote:
> Does your product make any provision for caching 
> responses?
> --
>   caops-wg mailing list
>   caops-wg at ogf.org
>   http://www.ogf.org/mailman/listinfo/caops-wg
>   
Hello Mike and Jim,
Sorry for the delayed responses :)
First of all I think that Jim's implementation is of great value and a 
good step towards finally supporting OCSP into Grids. In the last months 
we (at UPC) have been planning to port OGRO to C language, unfortunately 
we don't have enough resources (aka volunteers) to do the job and 
instead both Oscar Manso (Grid-OCSP server) and me (Grid-OCSO client) 
have tried to evolve the OGRO middleware thanks to our research on 
Grid-validation and comments from the users community. We expect to 
contact Frank Siebenlist in the following days with an updated/debugged 
OGRO version, to see if it's possible to included it as a patch to the 
GT's Java Core.

So from my point of view thanks to Jim's effort we may be able to:
i) Finish for good (that's the correct English phrase?) the OCSP Reqs 
Document. As far as I remember, the version posted at the CAOPS' site 
was in need of a readability checking and now we may need to update 
appendixes A.3 (MyProxy example) and B (client conf examples) according 
to Jim's experience and comments.
ii) If possible I'd like to use Jim's source code to begin working 
towards a "OGRO-C" which may be configured in a way similar to the 
Java-based version. Potential users would be happy to configure its 
clients in an analogous way and now we are closer to that if you believe 
that OGRO's config file may be useful. I'd try to work towards this goal 
in the short-term ;)

Finally about Responses' caching: in OGRO we implemented this feature as 
an add-on to the JCE Provider being used (currently Bouncy Castle/IAIK), 
by keeping an in-memory structure that's constantly being purged of 
non-definitive cert statuses. As I told you this may added into the 
OGRO-C port thanks to Jim's client. In any case you might be interested 
into this one:
“OCSP for Grids: Comparing Prevalidation versus Caching”. Luna, Jesús. 
Manso, Oscar. Manel, Medina. Accepted for the 7th IEEE/ACM International 
Conference on Grid Computing, Barcelona, September 2006. 
http://www.grid2006.org/

I don't know if it can be posted here, but if you're interested then for 
research purposes you can contact me directly. :)

Best regards,

-- 

<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
o o o Jesus Luna Garcia         |   Polytechnic University of Catalonia
o o o PhD Student               |   Department of Computer Architecture
o o o phone:  +34 93 401 7187   |   Campus Nord. www.ac.upc.es
U P C fax:    +34 93 401 7055   |   C/Jordi Girona 1-3, Modul D6-116
      E-mail: jluna at ac.upc.es   |   Barcelona 08034 SPAIN
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>

More information about the caops-wg mailing list