Grid software uses public/private key cryptography as the basis for making
authenticated and secure connections between remote hosts. A public key
is one of a pair of related
numbers such that one key can be used to encrypt data and the second
key can decrypt the data, with the additional property that the
decryption key cannot easily be derived from the encryption key.

An X.509 certificate contains the user's public key and a unique
meaningful Distinguished Name (DN) which identifies the holder
of the certificate. It is digitally signed by a Certification
Authority (CA). Before signing a certificate, a Registration Authority (RA) verifies that the
Distinguished Name is actually that of the user who holds the related
private key and that the user has some connection with Fusion research.
The X.509 certificate is used to distribute the public key and the user
name to any entity with which the owner of the private key wishes to
establish a secure communication. Your complete identity credential
consists of the public key, the private key and the associated DN. Your
private key is encrypted with a passphrase and should be stored in a file
that only you can read, or kept on a secure server.
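
The storage rule above (a passphrase-encrypted private key in a file that only its owner can read) can be checked before signon. The shell function below is an added example, not part of the FusionGrid or Globus software; the default path ~/.globus/userkey.pem is an assumption that does not come from this page.

```shell
#!/bin/sh
# Added example: audit a PEM private key file before Grid signon.
# Assumption: ~/.globus/userkey.pem is only a default; pass your own path.
# Usage: check_key_file /path/to/userkey.pem && grid-proxy-init

# Prints one finding per problem; returns 0 only if every check passes.
check_key_file() {
    key=${1:-"$HOME/.globus/userkey.pem"}
    rc=0

    # Refuse symlinks and anything that is not a regular file.
    if [ -L "$key" ] || [ ! -f "$key" ]; then
        echo "FAIL: $key is missing, a symlink, or not a regular file"
        return 2
    fi

    # ls mode string: char 1 type, 2-4 owner, 5-10 group and other.
    # Accept only owner read (optionally write), nothing for anyone else.
    perms=$(ls -ld -- "$key" | cut -c1-10)
    case $perms in
        -r?-------) ;;
        *) echo "FAIL: mode $perms (want -r-------- or -rw-------)"; rc=1 ;;
    esac

    # PKCS#8 encrypted keys say so in the BEGIN line; traditional PEM keys
    # carry a "Proc-Type: 4,ENCRYPTED" header after the BEGIN line.
    if grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' \
               -e '^Proc-Type: 4,ENCRYPTED' "$key"; then
        :
    elif grep -q 'PRIVATE KEY-----' "$key"; then
        echo "FAIL: private key is not passphrase-encrypted"; rc=1
    else
        echo "FAIL: no PEM private key found in $key"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $key is owner-only and passphrase-encrypted"
    return "$rc"
}
```
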

Once you have obtained such a credential, it is used by the
grid-proxy-init or myproxy-get-delegation commands to perform a Grid signon
operation. Grid signon is done once a day, and the resulting proxy
certificate and new private key will be used by the Globus client
software to make multiple secure, authenticated connections to any of
the FusionGrid services.

If you want to know more about private/public key cryptography or digital certificates, go to opengroup or Verisign.