Difference between revisions of "User:Wvengen@nikhef.nl/JGridStart"
(change description; update planned features) |
(add server-side) |
||
Line 27: | Line 27: | ||
** content and properties of user's certificate | ** content and properties of user's certificate | ||
** name and organisation texts | ** name and organisation texts | ||
+ | |||
+ | == Server-side == | ||
+ | jGridStart talks with a certificate authority using http requests. The application is delivered with a simple proof-of-concept certification authority that implements the required functionality. Also the existing [http://ca.dutchgrid.nl/ DutchGrid CA web interface] will be adapted to work with it. | ||
== Related software == | == Related software == |
Revision as of 10:34, 18 March 2009
Using a computing grid requires authorisation and authentication. This is managed by asymmetric cryptography with client-side SSL certificates. Currently, setting this up requires the user to go through several steps that can by quite daunting to some. jGridStart attempts to ease this process with automation and a graphical user-interface, enabling you to quickly proceed to actually using the grid.
jGridStart is currently being developed. I expect the first version to be ready somewhere in May 2009.
Planned features
- user-interface
- both graphical user-interface for easy usage by unknowledgeable users
- and command-line interface for cli addicts and testing.
- the application should detect the state of affairs and present sensible actions only
- working on multiple platforms: Linux, Windows, Mac OS X at the least
- single point-of-entry for management of grid certificates, including
- requesting a new certificate
- installing certificates into different parts of the system (like internet browsers)
- rekeying an (almost expired) certificate
- sending revocation requests
- switching between different certificates (like the default certificate in your ~/.globus)
- importing/exporting a certificate for transfer
- changing the private key passphrase
- security checks
- validate permissions of private keys
- require passwords on places where private keys is stored
- require passwords to pass a minimum strength test
- check certificates against revocation lists
- adaptable configuration so it can be deployed by other parties with moderate effort
- location of web forms for interaction with certificate authority
- content and properties of user's certificate
- name and organisation texts
Server-side
jGridStart talks with a certificate authority using http requests. The application is delivered with a simple proof-of-concept certification authority that implements the required functionality. Also the existing DutchGrid CA web interface will be adapted to work with it.
Related software
- SpectroGrid2 with a java web start based certificate manager (also here)
- JaBaCATs Java Basic Certificate Authority Tools
- Portecle - GUI to create, manage and examine keystores, keys, certificates, requests, revocation lists and more.
- KeyTool IUI the cryptography GUI tool
- gridshib-ca contains a java web start tool that installs user certificates muchlike jGridStart, but with a minimal user interface.