The most popular solution in grid computing
might be X.509 public-key certificates, which must be issued by trusted certificate
authorities (CAs). X.509 certificates include various subtypes of certificates for different
usages. The owner of an X.509 public-key certificate can be trusted, authenticated, or verified
as a valid member, because the certificate must be issued and signed by a trusted CA.
This authentication is impartial.
Once the user is authenticated, the system must decide what he or she is able to do or what
access is available. This is also called authorization, and concerns the rights of the user. In
the traditional system, authorization is usually achieved by means of access control lists
(ACLs). The ACLs itemize the actions that users or groups are able to perform or the roles
they are able to play. However, in a network-based system, the number of users or divisions
might be too large to be listed. Hence, a more flexible and powerful solution is required. A
modern solution uses X.509 certificates and policy languages. In order to keep the information
for authorization, the X.509 certificates need to be modified and enhanced. Various types
of modification are possible. One solution is to keep the user's identity and privilege in the
certificate.
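As an added illustration (not from the original text), the Python sketch below shows authorization driven by privileges carried in a signed credential and checked against a policy, instead of a per-user ACL. The names `issue`, `authorize`, `POLICY` and the privilege strings are hypothetical, and an HMAC stands in for the CA's public-key signature so that the example runs on the standard library alone.

```python
import hashlib
import hmac
import json
import time

# Constructed demo key. A real CA signs with a private key and relying
# parties verify with its public key; HMAC is only a stand-in here.
CA_KEY = b"constructed-demo-ca-key"

# Policy is written against privileges, not users, so it does not grow with
# the number of grid users the way a per-user ACL does.
POLICY = {
    ("submit_job", "cluster-a"): {"vo:physics/researcher", "vo:physics/admin"},
    ("delete_job", "cluster-a"): {"vo:physics/admin"},
}

def issue(subject, privileges, lifetime_s, now=None):
    """CA side: bind identity and privileges together under one signature."""
    now = time.time() if now is None else now
    body = json.dumps({"sub": subject, "priv": sorted(privileges),
                       "exp": now + lifetime_s}, sort_keys=True)
    sig = hmac.new(CA_KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}

def authorize(cred, action, resource, now=None):
    """Relying party: authenticate the credential first, then apply policy."""
    now = time.time() if now is None else now
    expected = hmac.new(CA_KEY, cred["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, cred["sig"]):
        return False, "bad signature"      # privileges were not issued by the CA
    claims = json.loads(cred["body"])
    if now >= claims["exp"]:
        return False, "expired"
    allowed = POLICY.get((action, resource), set())  # unknown request: deny
    if allowed & set(claims["priv"]):
        return True, claims["sub"]
    return False, "no matching privilege"
```

Because identity and privileges sit under the same signature, editing the privilege list after issuance invalidates the credential rather than widening access.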