User:Wvengen@nikhef.nl/Globus certificates for Users
From PDP/Grid Wiki
< User:Wvengen@nikhef.nl
Jump to navigationJump to searchRevision as of 11:13, 30 March 2011 by Wvengen@nikhef.nl (talk | contribs)
To use a (gLite or Globus) grid one needs a certificate. This comprises a private key that belongs to the user, and a public certificate that is signed by a certificate authority. While this method is generally seen as secure and scalable, user experience is often not optimal. One of my goals is to make this as seamless as possible to end-users of the grid.
Security Requirements
There are a couple of security requirements which must be met, as defined in the guidelines for protection of private key data:
- The private key must be protected with a passphrase and not publicly accessible.
- The private key must be generated using trustworthy cryptographic software.
- The private key can only be transferred over secure networks, but it is better to use proxy certificates instead.
Existing software requirements
All kinds of applications that interact with the grid need to find the user's credentials:
- Web browsers to access protected websites, like the VOMS signup page, job monitors, and protected collaboration areas.
- gLite/Globus utilities to operate on jobs and files on the grid, like voms-proxy-init and glite-wms-job-submit.
- ...
Approaches
The certificate and key need to be accessible both by Globus tools and the web browser.
- jGridstart: a Java Web Start application that guides the user through all steps required for obtaining and installing a certificate
- Globus-PKCS11: access the Globus certificate from the browser
- libbrowser: access browser certificates from Java
Operating system support
- Linux
- GTK
- GP11 PKCS#11
- libcryptui certificate support
- GTK
- Mac OS X
- Windows
