Table 1. Newly Identified OIDs for Grid Operations. Of particular interest are the Grid-specific pointers that enable an RQA to provide Grid-specific information to applications. Note that some of the proposed PKIX identifiers refer to services that are not yet standardized.
| Category | OID | Text | Description |
|---|---|---|---|
| PKIX | {id-ad 1} | ocsp | OCSP Service |
| | {id-ad 2} | caIssuers | CA Information |
| | {id-ad 3} | timeStamping | TimeStamping Service |
| | {id-ad 10} | dvcs | DVCS Service |
| | {id-ad 11} | scvp | SCVP Service |
| General PKI operations | {id-ad 50} | certPolicy | Certificate Policy (CP) URL |
| | {id-ad 51} | certPracticesStatement | Certification Practices Statement (CPS) URL |
| | {id-ad 60} | httpRevokeCertificate | HTTP Based (Browsers) Certificate Revocation Service |
| | {id-ad 61} | httpRequestCertificate | HTTP Based (Browsers) Certificate Request Service |
| | {id-ad 62} | httpRenewCertificate | HTTP Based (Browsers) Certificate Renewal Service |
| | {id-ad 63} | httpSuspendCertificate | Certificate Suspension Service |
| | {id-ad 40} | cmsGateway | CMS Gateway |
| | {id-ad 41} | scepGateway | SCEP Gateway |
| | {id-ad 42} | xkmsGateway | XKMS Gateway |
| | {eng-ltd 3344810 10 2} | webdavCert | Webdav Certificate Validation Service |
| | {eng-ltd 3344810 10 3} | webdavRev | Webdav Certificate Revocation Service |
| Grid Specific | {id-ad 90} | accreditationBody | Accreditation Body URL |
| | {id-ad 91} | accreditationPolicy | Accreditation Policy |
| | {id-ad 92} | accreditationStatus | Accreditation Status Document |
| | {id-ad 95} | commonDistributionUpdate | Grid Distribution Package |
| | {id-ad 96} | accreditedCACertificates | Certificates of Currently Accredited CAs |

these pointers also allow a VO to specify a set of
additional CAs that the VO wishes to trust locally
(that the VO has vetted itself for use within the
community), by simply specifying an additional
local distribution maintained by the VO or any
entity it delegates this responsibility to (e.g. refer
to the additional non-IGTF accredited CAs that
are accepted by TeraGrid).

PRQP AND TACAR: A REAL WORLD DEPLOYMENT

An interesting aspect of the grid trust model is the presence of a central authority, often embodied by the grid policy management authority. Usually this authority is represented by a federation of authentication providers and relying parties responsible for accreditation of CAs willing to participate in the organization.

The presence of such an authority eases the deployment of PRQP in that it provides a central point where the RQA can be deployed. In this section, we discuss the real-world experience in deploying the PRQP service for the TACAR project. To speed up the service deployment and spare CA administrators from running an additional service, we deployed a centralized RQA service that serves the entire grid community.

Trusting a Central RQA. In the TACAR PRQP deployment, we adopted a trust model that utilizes a centralized Resource Query Authority
 