[ogsa-authn-bof] Fwd: Examples of x.509 translation services and beyond-X.509 authentication work
Tom Scavo
trscavo at gmail.com
Mon Jun 2 17:06:42 CDT 2008
On Mon, Jun 2, 2008 at 3:41 PM, Alan Sill <Alan.Sill at ttu.edu> wrote:
>
> Comments on this list or elsewhere to compare and contrast such work,
> and to produce a summary of bridges to and extensions beyond X.509
> authentication paradigms that can scale to very high volumes of usage
> (10**6 jobs per day and beyond) with good security on an automated
> basis are especially invited and would be useful. Please feel free
> to contact me or to have discussions either on this list or off.
> Please feel free to write your own opinions in a coherent form in
> papers and web links on this topic, and to post such links here to
> attract attention to your own thoughts and work.

One such technology is the shib-enabled GridShib CA. The GridShib CA
delivers short-lived X.509 end-entity credentials to a browser user's
desktop (via Java Web Start). The GridShib CA is protected by a
Shibboleth Service Provider, thus you can think of the GridShib CA as
a translator from campus credentials (e.g., username/password) to grid
credentials.

As Alan mentioned, the GridShib CA has been integrated into myVocs.
You can read about that integration effort in the following paper:

http://myweb.clemson.edu/~gemmill/crossdomainauthz.pdf

There are two versions of the GridShib CA, one backed by openssl and
the other backed by MyProxy. As far as I know, the technology has not
been certified or accredited. Our friends at D-Grid spoke of their
desire to do so, but I don't know what the status of that effort is.

Software downloads and documentation are available on the GridShib web site:

http://gridshib.globus.org/docs/gridshib-ca/readme.html

If you like, you can try the software from where you sit, just visit:

https://computer.ncsa.uiuc.edu/

All you need is a credential from an institution affiliated with
InCommon. Barring that, you can obtain a ProtectNetwork.org account
for testing purposes.

Hope this helps,
Tom Scavo
NCSA