Using OGRO and CertiVeR to improve OCSP validation for Grids |
| |
Authors: | Jesus Luna Manel Medina Oscar Manso |
| |
Affiliation: | (1) Computer Architecture Department, Polytechnic University of Catalonia, Jordi Girona 1-3, 08034 Barcelona, Spain;(2) CertiVeR, Diputacion 238, 08007 Barcelona, Spain |
| |
Abstract: | Authentication and authorization in many distributed systems rely on the use of cryptographic credentials that in most of
the cases have a defined lifetime. This feature mandates the use of mechanisms able to determine whether a particular credential
can be trusted at a given moment. This process is commonly named validation. Among available validation mechanisms, the Online Certificate Status Protocol (OCSP) stands out due to its ability to carry
near real time certificate status information. Despite its importance for security, OCSP faces considerable challenges in
the computational Grid (i.e. Proxy Certificate’s validation) that are being studied at the Global Grid Forum’s CA Operations
Work Group (CAOPS-WG). As members of this group, we have implemented an OCSP validation infrastructure for the Globus Toolkit
4, composed of the CertiVeR Validation Service and our Open GRid Ocsp (OGRO) client library, which introduced the Grid Validation Policy. This paper summarizes our experiences on that work and the results obtained up to now. Furthermore we introduce the prevalidation concept, a mechanism analogous to the Authorization Push-Model, capable of improving OCSP validation performance in Grids.
This paper also reports the results obtained with OGRO’s prevalidation rules for Grid Services as a proof of concept.
|
| |
Keywords: | CertiVeR Grid validation Grid validation policy Online Certificate Status Protocol Open Grid OCSP Prevalidation |
本文献已被 SpringerLink 等数据库收录! |
|