The process of generating a PC chain is illustrated in Figure 1.
The above design has been implemented and released in the Grid Security Infrastructure
(GSI) (Foster, Kesselman, Tsudik & Tuecke, 1998; Welch, Siebenlista, Foster, Bresnahan,
Czajkowski, Gawor, Kesselman, Meder, Pearlman, & Tuecke, 2003, Welch, Siebenlista,
Foster, Bresnahan, Czajkowski, Gawor, & et.al, 2003, January). GSI is offered in the Global
Toolkit version 2 and a newer version released by the Global Alliance.
Another function achieved by means of proxy certificates is delegation. Delegation can
be seen as part of authorization. They are both concerned with ensuring that a user cannot
perform an action which he is not supposed to. It mainly deals with the problems when a
delegator wishes to delegate a subset of his or her rights to another, a delegatee. Since the
grid computing functions in a multi-user, multi-resource environment, in which the participants
of one computation system might be dynamically different, pure Access Control
Lists (ACLs) are not suitable. Many frameworks have been proposed and implemented for
grid computing. In order to reuse the PKI certificates in a multi-domain, some modifications
need to be made to enhance the functionality of the certificates.
Pages:
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431