Difference between revisions of "User:Wvengen@nikhef.nl/JGridStart"

From PDP/Grid Wiki
Jump to navigationJump to search
(add note about grix)
(redirect to new page)
 
(33 intermediate revisions by the same user not shown)
Line 1: Line 1:
Using a [http://en.wikipedia.org/wiki/Grid_Computing computing grid] requires authorisation and authentication. This is managed by [http://en.wikipedia.org/wiki/Asymmetric_cryptography asymmetric cryptography] with client-side SSL certificates. Currently, setting this up requires the user to [http://ca.dutchgrid.nl/guide/ go through] [http://www.dutchgrid.nl/agenda/askArchive.php?base=agenda&categ=a042&id=a042s3t2/moreinfo several steps] that can by quite daunting to some. jGridStart attempts to ease this process with automation and a graphical user-interface, enabling you to quickly proceed to actually using the grid.
+
#REDIRECT [[JGridstart]]
 
 
jGridStart is currently being developed. I expect the first version to be ready somewhere in May 2009.
 
 
 
Meanwhile you can have a look at a [http://www.nikhef.nl/~wvengen/jgridstart02/jgridstart.jnlp user-interface mockup]. This may or may not be something that resembles the final product. Please remember that it doesn't work at all as of yet.
 
 
 
[http://grix.arcs.org.au/ Grix] is an existing program that aims for the same goal. It [User:Wvengen@nikhef.nl/JGridStart/Grix|may or may not be] a viable solution for us.
 
 
 
== Planned features ==
 
* user-interface
 
** both graphical user-interface for easy usage by unknowledgeable users
 
** and command-line interface for cli addicts and testing.
 
** the application should detect the state of affairs and present sensible actions
 
** working on multiple platforms: Linux, Windows, Mac OS X at the least
 
* single point-of-entry for management of ''user'' grid certificates, including
 
** requesting a new certificate
 
** installing certificates into different parts of the system (like internet browsers)
 
** rekeying an (almost expired) certificate
 
** sending revocation requests
 
** switching between different certificates (like the default certificate in your ~/.globus)
 
** importing/exporting a certificate for transfer
 
** changing the private key passphrase
 
* security checks
 
** validate permissions of private keys
 
** require passwords on places where private keys is stored
 
** require passwords to pass a minimum strength test
 
** check certificates against revocation lists
 
* adaptable configuration so it can be deployed by other parties with moderate effort
 
** location of web forms for interaction with certificate authority
 
** content and properties of user's certificate
 
** name and organisation texts
 
 
 
 
 
== Roadmap ==
 
=== version 0.1 ===
 
* graphical and command-line user-interface
 
* working on Linux, written with portability in mind
 
* actions: request new certificate, install, request renewal
 
* security checks
 
* multiple-certificates interface additions when multiple certificates found
 
 
 
=== version 0.2 ===
 
* working on Linux, Windows, Mac OS X
 
* tests using command-line interface
 
 
 
=== version 0.3 ===
 
* actions: request revocation, import, export, change passphrase
 
* add the notion of archived certificates (expired or revoked) and implement in user-interface
 
 
 
=== version 0.4 ===
 
* gather and process user feedback
 
* make it work with other RA backends as well
 
 
 
 
 
== Notes of RA's ==
 
If you have something to add, please notify me!
 
* frequently happening problems
 
** people often send either a certificate signing request or the form instead of both
 
** people often send a renewal as new request because they forget to send an S/MIME mail
 
* feature requests
 
** in registration form: identity-proof-document fields don't match the web interface ("nationality" instead of "document issuing country" and "document type")
 
** a renewal should be sent automatically to the correct RA (same as original request but beware email changes)
 
** in the RA interface "Authenticate request" an additional comment field would be handy
 
** verify email by sending a confirmation link before accepting a certificate signing request
 
 
 
 
 
== Server-side ==
 
jGridStart talks with a certificate authority using http requests. The application is delivered with a simple proof-of-concept certification authority that implements the required functionality. Also the existing [http://ca.dutchgrid.nl/ DutchGrid CA web interface] will be adapted to work with it.
 
 
 
 
 
== Related documents ==
 
* [https://forge.gridforum.org/sf/projects/caops-wg Certificate Authority Operations WG]
 
 
 
== Related software ==
 
* [http://www.bestgrid.org/index.php/Grid_Tools Grid Tools]
 
* [http://argon.sao.nrc.ca/~spgrid/ SpectroGrid2] with a java web start based certificate manager (also [https://spectrogrid2.nrc.ca/portal/?q=node/3 here])
 
* [http://www.jabacats.com/ JaBaCATs] Java Basic Certificate Authority Tools
 
* [http://portecle.sourceforge.net/ Portecle] - GUI to create, manage and examine keystores, keys, certificates, requests, revocation lists and more.
 
* [http://yellowcat1.free.fr/keytool_iui.html KeyTool IUI] the cryptography GUI tool
 
* [http://gridshib.globus.org/docs/gridshib-ca-0.5.1/ gridshib-ca] contains a java web start tool that installs user certificates
 
* [http://grix.arcs.org.au/ Grix] is a Java gui application to help users handle security related tasks within a grid environment
 

Latest revision as of 10:30, 10 September 2009

Redirect to: