원문정보
초록
영어
Grid Security Infrastructure (GSI) is the most common security infrastructure for grid computing, which is also based on Public Key Infrastructure (PKI). Therefore, the process to issue certificates for grid users, which is usually including interviewing with registration authorities (RAs) for identifying the user in person, is complicate and difficult to ensure reliability. We could therefore rely on the certificate issuance process of national PKI, which includes RA system guaranteed by governments. However, it is not possible to adapt the national PKI on GSI without modifying security software due to technical and legal problems. Either certificate validation or certificate path validation will be fail in that case. In this paper, we propose an alternative certificate validation method which translates the original certificate of national PKI to grid credential on separate GSI and delegate the translated credential to grid service by an extended OAuth protocol. The proposed idea is implemented in service called SecureBox which is operating in demo site. GSI can now adapt a reliable certificate issuance process including nationwide RA system from national PKI by the service.
목차
1. Introduction
2. Dilemma of Using National PKI
2.1. PKI
2.2 Dilemma
3. Certificate Path Validation
3.1. Keeping Original Certificate Path Information
3.2 Certificate Path Validation
4. SecureBox: Grid Identity Service
4.1. Grid Credential Translation
4.2 Grid Credential Delegation
5. Similar Works
5.1. Bridged Certificate Authority
5.2. OAuth-based Proxy Delegation Service
6. Conclusion
Acknowledgement
References