Web-based administration of grid credentials for identity and authority delegation

Abstract

Grid computing, as a technology to coordinate loosely-coupled computing resources for dynamic virtual organizations, has become prevalent in both industry and academia in the past decade. While providing or utilizing heterogeneous and distributed grids, people can never alleviate their security concerns on the resources and data. Globus Toolkit as an open-source grid environment has implemented the public key infrastructure (PKI) and extended it for proxy-certificate-based delegation propagation with a series of separate and command-line-based components and services. We have built an integrated web service system to coordinate all of Globus's components and services that are needed for user credential management. Our system can reduce the necessary operations on creating and maintaining user credentials in Globus. The system also simplifies the procedure of deploying or accessing Globus services for user authentication, authorization, and identity and authority delegation. We provide a light-weighted Mozilla Firefox add-on on the client side to interact with our online system. On the server side, we implement web services for CA functionality, VOMS attribute certificate generation, and proxy delegation and retrieval, which satisfy the typical needs of most Globus users. Although our current solution is designed for integrating and automating all the credential-related operations for Globus users, it is portable for other online service platforms using similar PKI and delegation mechanisms.