International Grid CA Interworking, Peer Review and Policy Management Through the European DataGrid Certification Authority Coordination Group

  • J. Astalos
  • R. Cecchini
  • B. Coghlan
  • R. Cowles
  • U. Epting
  • T. Genovese
  • J. Gomes
  • D. Groep
  • M. Gug
  • A. Hanushevsky
  • M. Helm
  • J. Jensen
  • C. Kanellopoulos
  • D. Kelsey
  • R. Marco
  • I. Neilson
  • S. Nicoud
  • D. O’Callaghan
  • D. Quesnel
  • I. Schaeffner
  • L. Shamardin
  • D. Skow
  • M. Sova
  • A. Wäänänen
  • P. Wolniewicz
  • W. Xing
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3470)

Abstract

The Certification Authority Coordination Group in the European DataGrid project has created a large-scale Public Key Infrastructure and the policies and procedures to operate it successfully. The infrastructure demonstrates interoperability of multiple certification authorities (CAs) in a novel system of peer-assessment of the roots of trust. Crucial to the assessment is the definition of minimum requirements that all CAs must meet in order to be accepted. The evaluation is aided by software-generated trust matrices. Related work building on this infrastructure is described. The group’s policies and experience now form the basis of the new European Policy Management Authority for Grid Authentication in e-Science.

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • J. Astalos (1, 13)
  • R. Cecchini (1, 14)
  • B. Coghlan (6)
  • R. Cowles (2, 20)
  • U. Epting (1, 11)
  • T. Genovese (8)
  • J. Gomes (1, 15)
  • D. Groep (1, 18)
  • M. Gug (9)
  • A. Hanushevsky (2, 20)
  • M. Helm (8)
  • J. Jensen (3)
  • C. Kanellopoulos (1)
  • D. Kelsey (3)
  • R. Marco (1, 12)
  • I. Neilson (9)
  • S. Nicoud (5)
  • D. O’Callaghan (6)
  • D. Quesnel (2)
  • I. Schaeffner (1, 11)
  • L. Shamardin (1, 16)
  • D. Skow (1, 10)
  • M. Sova (4)
  • A. Wäänänen (1, 17)
  • P. Wolniewicz (1, 19)
  • W. Xing (7)

  1. Aristotle University of Thessaloniki, Greece
  2. Canarie, Canada
  3. Rutherford Appleton Laboratory, UK
  4. CESNET, Czech Republic
  5. CNRS/UREC CPPM, France
  6. Trinity College Dublin, Ireland
  7. University of Cyprus, Cyprus
  8. ESnet/LBNL, USA
  9. European Organization for Nuclear Research (CERN), Switzerland
  10. Fermi National Accelerator Laboratory, USA
  11. Forschungszentrum Karlsruhe, Germany
  12. Instituto de Física de Cantabria (CSIC-UC), Spain
  13. Slovak Academy of Sciences, Slovakia
  14. INFN, Italy
  15. Laboratório de Instrumentação e Física Experimental de Partículas, Portugal
  16. Moscow State University, Russia
  17. Niels Bohr Institute, Denmark
  18. NIKHEF, Netherlands
  19. Poznań Supercomputing and Networking Center, Poland
  20. Stanford Linear Accelerator Center, USA
