[ogsa-authn-bof] Fwd: Examples of x.509 translation services and beyond-X.509 authentication work

Tom Scavo trscavo at gmail.com
Mon Jun 2 17:06:42 CDT 2008


On Mon, Jun 2, 2008 at 3:41 PM, Alan Sill <Alan.Sill at ttu.edu> wrote:
>
> Comments on this list or elsewhere to compare and contrast such work,
> and to produce a summary of bridges to and extensions beyond X.509
> authentication paradigms that can scale to very high volumes of usage
> (10**6 jobs per day and beyond) with good security on an automated
> basis are especially invited and would be useful.  Please feel free
> to contact me or to have discussions either on this list or off.
> Please feel free to write your own opinions in a coherent form in
> papers and web links on this topic, and to post such links here to
> attract attention to your own thoughts and work.

One such technology is the shib-enabled GridShib CA.  The GridShib CA
delivers short-lived X.509 end-entity credentials to a browser user's
desktop (via Java Web Start).  The GridShib CA is protected by a
Shibboleth Service Provider, thus you can think of the GridShib CA as
a translator from campus credentials (e.g., username/password) to grid
credentials.

As Alan mentioned, the GridShib CA has been integrated into myVocs.
You can read about that integration effort in the following paper:

http://myweb.clemson.edu/~gemmill/crossdomainauthz.pdf

There are two versions of the GridShib CA, one backed by openssl and
the other backed by MyProxy.  As far as I know, the technology has not
been certified or accredited.  Our friends at D-Grid spoke of their
desire to do so, but I don't know what the status of that effort is.

Software downloads and documentation are available on the GridShib web site:

http://gridshib.globus.org/docs/gridshib-ca/readme.html

If you like, you can try the software from where you sit; just visit:

https://computer.ncsa.uiuc.edu/

All you need is a credential from an institution affiliated with
InCommon. Barring that, you can obtain a ProtectNetwork.org account
for testing purposes.

Hope this helps,

Tom Scavo
NCSA

