Abstract
The Certification Authority Coordination Group in the European DataGrid project has created a large-scale Public Key Infrastructure and the policies and procedures to operate it successfully. The infrastructure demonstrates interoperability of multiple certification authorities (CAs) in a novel system of peer-assessment of the roots of trust. Crucial to the assessment is the definition of minimum requirements that all CAs must meet in order to be accepted. The evaluation is aided by software-generated trust matrices. Related work building on this infrastructure is described. The group’s policies and experience now form the basis of the new European Policy Management Authority for Grid Authentication in e-Science.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
European DataGrid (2004), http://www.edg.org/
DataTAG (2004), http://datatag.web.cern.ch/
CrossGrid (2004), http://www.crossgrid.org/
GridLab (2004), http://gridlab.org/
LHC Computing Grid (2004), http://lcg.web.cern.ch/
Enabling Grids for E-science in Europe (2004), http://www.eu-egee.org/
Foster, I., Kesselman, C., Tsudik, G., Tuecke, S.: A security architecture for computational grids. In: ACM Conference on Computers and Security, pp. 83–91. ACM Press, New York (1998)
DataGrid Security Coordination Group:Security Design (2003), https://edms.cern.ch/document/344562
DataGrid Security Coordination Group: Final Security Report (2004), https://edms.cern.ch/document/414762
Cornwall, L.A., et al.: Security in multi-domain grid environments. Journal of Grid Computing (2004)
DataGrid Security Coordination Group: Security Requirements Testbed 1 Security Implementation (2002), https://edms.cern.ch/document/340234
IETF: PKIX Charter (2004), http://www.ietf.org/html.charters/pkix-charter.html
Butler, R., Engert, D., Foster, I., Kesselman, C., Tuecke, S., Volmer, J., Welch, V.: Design and deployment of a national-scale authentication infrastructure. IEEE Computer 33, 60–66 (2000)
Tuecke, S., Welch, V., Engert, D., Pearlman, L., Thompson, M.: Internet X.509 Public Key Infrastructure Proxy Certificate Profile (2003), http://www.ietf.org/internet-drafts/draft-ietf-pkix-proxy-10.txt
Housley, R., Polk, W., Ford, W., Solo, D.: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, RFC 3280 (2002)
OpenSSL (2004), http://www.openssl.org/
Globus Simple CA (2004), http://www.globus.org/security/simple-ca.html
OpenCA (2004), http://www.openca.org/
Sun Open Network Environment (2004), http://wwws.sun.com/software/sunone/
Global Grid Forum (2004), http://www.ggf.org/
Butler, R., Genovese, T.: Global Grid Forum Certificate Policy Model (2003)
Ball, E., Chadwick, D., Basden, A.: The Implementation of a System for Evaluating Trust in a PKI Environment. Evolaris, vol. 2, pp. 263–279. Springer, Heidelberg (2003)
NSF Middleware Initiative (2004), http://www.nsf-middleware.org/
Hanushevsky, A., Cowles, R.: Virtual Smart Card (2002), http://www.slac.stanford.edu/abh/vsc/
European Grid Policy Management Authority for e-Science (2004), http://www.eugridpma.org/
Distributed European Infrastructure for Supercomputing Applications (2004), http://www.deisa.org/
South Eastern European Grid-enabled eInfrastructure Development (2004), http://www.see-grid.org/
GridPMA (2004), http://www.gridpma.org/
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Astalos, J. et al. (2005). International Grid CA Interworking, Peer Review and Policy Management Through the European DataGrid Certification Authority Coordination Group. In: Sloot, P.M.A., Hoekstra, A.G., Priol, T., Reinefeld, A., Bubak, M. (eds) Advances in Grid Computing - EGC 2005. EGC 2005. Lecture Notes in Computer Science, vol 3470. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11508380_30
Download citation
DOI: https://doi.org/10.1007/11508380_30
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-26918-2
Online ISBN: 978-3-540-32036-4
eBook Packages: Computer ScienceComputer Science (R0)