Abstract. The trustworthiness of any Public Key Infrastructure (PKI) rests upon the expectations for trust, and the degree to which those expectations are met. Policies, whether implicit as in PGP and SDSI/SPKI or explicitly required as in X.509, document expectations for trust in a PKI. The widespread use of X.509 in the context of global e-Science infrastructures, financial institutions, and the U.S. Federal government demands efficient, transparent, and reproducible policy decisions. Since current manual processes fall short of these goals, we designed, built, and tested computational tools to process the citation schemes of X.509 certificate policies defined in RFC 2527 and RFC 3647. Our PKI Policy Repository, PolicyBuilder, and PolicyReporter improve the consistency of certificate policy operations as actually practiced in compliance audits, grid accreditation, and policy mapping for bridging PKIs. Anecdotal and experimental evaluation of our tools on real-world tasks establishes their actual utility and suggests how machine-actionable policy might empower individuals to make informed trust decisions in the future.
One of the most successful working examples of virtual organizations, computational grids need authentication mechanisms that inter-operate across domain boundaries. Public Key Infrastructures (PKIs) provide sufficient flexibility to allow resource managers to securely grant access to their systems in such distributed environments. However, as PKIs grow and services are added to enhance both security and usability, users and applications must struggle to discover available resources, particularly when the Certification Authority (CA) is alien to the relying party. This paper¹ presents how to overcome these limitations of the current grid authentication model by integrating the PKI Resource Query Protocol (PRQP) into the Grid Security Infrastructure (GSI).

Authentication in Virtual Organizations

Computational grids provide researchers, institutions and organizations with many thousands of nodes that can be used to solve complex computational problems. To leverage collaborations between entities, users of computational grids are often consolidated under very large Virtual Organizations (VOs). Participants in VOs need to share resources, including data storage, computational power and network bandwidth. Because these resources are valuable, access is usually limited, based on the requested resource and the requesting user's identity. In order to enforce these limits, each grid has to provide secure authentication of users and applications. Erroneously granting access to unauthorized or even malicious parties can be dangerous even within a single organization, and is unacceptable in such large VOs. Moreover, the dynamic nature of grid VOs requires the authentication mechanisms to be flexible enough to easily allow administrators to manage trust and quickly re-arrange resource-sharing permissions. Indeed, VOs are usually born from the aggregation of already existing organizations and constitute an umbrella that groups the participating organizations rather than

¹ The authors would like to thank the IGTF members for their contribution and inspiring suggestions.