Difference between revisions of "User:Wvengen@nikhef.nl/Globus certificates for Users"
From PDP/Grid Wiki
Jump to navigationJump to search (initial version (work in progress)) |
m (add section header) |
||
Line 1: | Line 1: | ||
To use a ([http://glite.web.cern.ch/ gLite] or [http://www.globus.org/ Globus]) grid one needs a certificate. This comprises a private key that belongs to the user, and a public certificate that is signed by a certificate authority. While this method is generally seen as secure and scalable, user experience is often not optimal. One of my goals is to make this as seamless as possible to end-users of the grid. | To use a ([http://glite.web.cern.ch/ gLite] or [http://www.globus.org/ Globus]) grid one needs a certificate. This comprises a private key that belongs to the user, and a public certificate that is signed by a certificate authority. While this method is generally seen as secure and scalable, user experience is often not optimal. One of my goals is to make this as seamless as possible to end-users of the grid. | ||
− | There are a couple of security requirements which must be met | + | ==Security Requirements== |
− | + | There are a couple of security requirements which must be met, as defined in the [http://www.eugridpma.org/guidelines/pkp/ guidelines for protection of private key data]: | |
− | * The private key must be generated using trustworthy cryptographic software | + | * The private key must be protected with a passphrase and not publicly accessible. |
− | * The private key can only be transferred over secure networks. | + | * The private key must be generated using trustworthy cryptographic software. |
+ | * The private key can only be transferred over secure networks, but it is better to use proxy certificates instead. | ||
− | THIS PAGE IS WORK IN PROGRESS | + | |
+ | THIS PAGE IS A WORK IN PROGRESS |
Revision as of 10:36, 21 October 2010
To use a (gLite or Globus) grid one needs a certificate. This comprises a private key that belongs to the user, and a public certificate that is signed by a certificate authority. While this method is generally seen as secure and scalable, user experience is often not optimal. One of my goals is to make this as seamless as possible to end-users of the grid.
Security Requirements
There are a couple of security requirements which must be met, as defined in the guidelines for protection of private key data:
- The private key must be protected with a passphrase and not publicly accessible.
- The private key must be generated using trustworthy cryptographic software.
- The private key can only be transferred over secure networks, but it is better to use proxy certificates instead.
THIS PAGE IS A WORK IN PROGRESS