both belong to the subject; and (4) the digital signature of the named CA.
If two parties have certificates, and if both parties trust the CAs that signed
each other's certificates, then the two parties can prove to each other that
they are who they claim to be. This is known as mutual authentication [1].
One of the core concepts in GSI is the delegation capability, which can
be used to avoid re-entering the user's password if a grid computation
requires several grid resources to be used (each requiring mutual
authentication), or if there is a need to have agents (local or remote) requesting
services on behalf of a user. In order to accommodate this need, a proxy is
used in GSI. A proxy consists of a new certificate (with a new public key
in it) and a new private key. The new certificate contains the owner's
identity, modified slightly to indicate that it is a proxy. It is signed by the owner,
rather than a CA. The proxy certificate also includes a life span after which
the proxy should no longer be accepted by others.
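The name, issuer and life-span checks a relying party could apply to such a proxy chain, as an added example that is not from the original text or from any GSI implementation. The `Cert` model, the `/CN=proxy` marker (the convention of older Globus-style proxies), the CA name and the sample identities are assumptions; signature verification is assumed to be done separately by an X.509 library.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Cert:
    subject: str          # slash-separated DN, e.g. "/O=Grid/CN=Alice"
    issuer: str           # DN of whoever signed this certificate
    not_before: datetime
    not_after: datetime

TRUSTED_CAS = {"/O=Grid/CN=Example CA"}   # constructed trust anchor
PROXY_MARKER = "/CN=proxy"                # assumption: how the identity is "modified slightly"

def check_proxy_chain(chain, now):
    """chain[0] is the user's CA-issued certificate, followed by its proxies.
    Returns (ok, reason). Signatures are assumed to be verified elsewhere."""
    if not chain:
        return False, "empty chain"
    if chain[0].issuer not in TRUSTED_CAS:
        return False, "user certificate not issued by a trusted CA"
    for i, cert in enumerate(chain):
        # Every certificate, proxies included, must be inside its life span.
        if not (cert.not_before <= now <= cert.not_after):
            return False, f"certificate {i} outside its validity period"
        if i == 0:
            continue
        parent = chain[i - 1]
        # A proxy is signed by its owner, not by a CA.
        if cert.issuer != parent.subject:
            return False, f"proxy {i} not issued by its owner"
        # The proxy carries the owner's identity plus the proxy marker.
        if cert.subject != parent.subject + PROXY_MARKER:
            return False, f"proxy {i} subject does not extend the owner's identity"
    return True, "ok"

def owner_identity(chain):
    """Identity to authorize against: the CA-certified subject, not the proxy name."""
    return chain[0].subject

# Constructed sample data: a one-year user certificate and a 12-hour proxy.
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
USER = Cert("/O=Grid/CN=Alice", "/O=Grid/CN=Example CA",
            NOW - timedelta(days=30), NOW + timedelta(days=335))
PROXY = Cert(USER.subject + PROXY_MARKER, USER.subject,
             NOW - timedelta(minutes=5), NOW + timedelta(hours=12))

if __name__ == "__main__":
    print(check_proxy_chain([USER, PROXY], NOW), owner_identity([USER, PROXY]))
```

The short proxy life span is what limits exposure if the unencrypted proxy private key is copied: the same chain is rejected once `now` passes the proxy's `not_after`.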
11.2.2.2 Credential Management: MyProxy for Single Sign-On in Grid Portals
MyProxy is open source software widely used in grid portals for managing
X.509 public key infrastructure (PKI) security credentials (certificates
and private keys) to help realize SSO [16]. It provides a solution for
delegating credentials to a grid portal, allowing the portal to authenticate to
grid services on the user's behalf [18].
The working mechanism of MyProxy with a grid portal can be described as
follows. First, users need to store their grid credentials on a MyProxy
server that the portal can use. Usually this can be achieved by running the
myproxy-init command on the user's computer where the grid credentials are
located, to upload the credential to the MyProxy server. This approach is
simple but requires some MyProxy commands to be installed. There is a
GUI-based open-source tool, MyProxy Upload Tool [18], that can be used
to help upload credentials to the MyProxy server via a Web browser without
any software installed. Second, once the user's grid credentials are
stored in the MyProxy server, the grid portal can retrieve a short-term
proxy credential with which to access the grid services on behalf of
the user. To deliver on SSO, the grid portal can be developed to
authenticate a user by using the user's MyProxy username and password
rather than using a separate username and password.
11.2.3 Portal in Grid Accounting
Resource sharing in grid computing is not always free. Many organizations
do not want their resources to be shared unless they get paid for the
resources provided. Grid computing will be widely available for commercial
use once the issue of charging for resource usage is addressed. This
has resulted in the issue of grid accounting, where the grid portal plays a