for download. The user downloads the certificate and associated certificate
revocation lists into their Internet browser. Once in their browser they are
required to export it to forms appropriate to the grid middleware.
The main benefit and reason for the widespread acceptance of PKIs
within the grid community is their support for single sign-on. Thus, since
all grid sites in the UK trust the central CA at RAL, a user in possession of
an X.509 certificate issued by RAL can send jobs or access resources more
generally across all sites, or more precisely across all sites where the user
has requested and been granted access. Typically with middleware
solutions such as Globus [6], gatekeepers are used to ensure that
signed grid requests are valid (i.e., from known collaborators). When this
is so, that is, the DN of the requestor is in a locally stored and managed
grid-mapfile, the user is typically given access to the locally set-up account
as defined in the grid-mapfile.
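The gatekeeper lookup described above, as an added illustration that is not code from the book or from Globus. It assumes the certificate chain and request signature have already been validated, that each grid-mapfile line has the form `"DN" account[,account]`, and the function names and sample DNs are hypothetical.

```python
import shlex

# Constructed sample grid-mapfile; all DNs and account names are invented.
SAMPLE_GRIDMAP = '''\
# DN of requestor -> local account
"/C=UK/O=eScience/OU=ExampleSite/L=Dept/CN=alice example" alice
"/C=UK/O=eScience/OU=ExampleSite/L=Dept/CN=bob example" bob,gridpool
/C=UK/O=eScience/OU=ExampleSite/CN=nospace carol
"/C=UK/O=eScience/OU=Broken/CN=no account"
'''


def parse_gridmap(text):
    """Return ({dn: [accounts]}, [line numbers rejected as malformed])."""
    mapping, rejected = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            fields = shlex.split(line)  # honours the quotes around the DN
        except ValueError:              # e.g. an unterminated quote
            rejected.append(lineno)
            continue
        # Exactly a DN and an account list; anything else is ambiguous.
        if len(fields) != 2 or not fields[0].startswith("/"):
            rejected.append(lineno)
            continue
        dn, accounts = fields
        names = [a for a in accounts.split(",") if a]
        # This example treats an empty account list or a repeated DN
        # as an error rather than guessing which entry should win.
        if not names or dn in mapping:
            rejected.append(lineno)
            continue
        mapping[dn] = names
    return mapping, rejected


def authorize(dn, mapping):
    """Default deny: return the first mapped account, or None if unknown.

    The DN is compared as an exact string (a choice made for this example).
    """
    accounts = mapping.get(dn)
    return accounts[0] if accounts else None
```

A site would review the rejected line numbers before deploying the file, since a malformed entry otherwise fails silently as a denied user.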
12.2.2 Problems with PKIs
The above process is off-putting for many of the wider less-IT-focused
research communities since it requires them to convert the certificate to
appropriate formats understandable by grid middleware using complex,
cryptic OpenSSL commands. Such requirements dissuade less IT-savvy
researchers from engaging—especially as OpenSSL is not commonly
available on platforms such as Windows. It is possible for Windows-based
PC users to install OpenSSL-based solutions but this in turn requires them
to install and configure additional software. In many cases, this is not
possible; for example, if they do not have sufficient privileges on their PC
(root access, etc.)—a not uncommon practice in departments and faculties
at many universities in the UK. In this case the researchers will instead
have to refer to a local system administrator to help with the installation
and configuration.
Assuming researchers have managed to obtain a certificate that they
have converted into the appropriate format, they are then expected to
remember strong passwords for their private keys with the recommendation
to use upper and lower case and non-alphanumeric characters. The
temptation to write down such passwords is apparent and an immediate
and obvious potential security weakness. Problems also arise with
researchers from institutions that do not have RAs in place.
In short, this whole process does not lend itself to the wider research
community that the e-Science and grid community needs to reach out to
and engage with. It is a well-known adage that the customer is always
right. Usability and addressing researcher requirements are crucial to the
uptake and success of grid technology. End-user scientists require software
that simplifies their daily research and does not make it more complex.
Given the fact that the initial user experience of the grid currently
begins with application for UK e-Science certificates, this needs to be
made as simple as possible, or potentially removed completely.
 