Speaker
E. Berdnikov
(INSTITUTE FOR HIGH ENERGY PHYSICS, PROTVINO, RUSSIA)
Description
The scope of this work is the study of the scalability limits of a
Certification Authority (CA) operating in large-scale GRID environments.
The operation of the Certification Authority is analyzed in terms of
the rate of incoming requests, the complexity of authentication procedures,
LCG security restrictions, and other limiting factors. It is shown that
the standard CA operational model has some inherent "bottlenecks", which
can be resolved with proper management and technical tools.
The central point is the discussion of a "decentralized" scheme with
a single CA and multiple authentication agents, called Registration
Authorities (RAs). The single CA retains the role of technical center,
responsible for supporting the GRID security infrastructure, while
the general role of the RAs is the verification of requests from end users.
A practical implementation of this scheme (including the development
and installation of end-user software) was done at CERN in 2002
(http://service-grid-ca.web.cern.ch/service-grid-ca/help/RA.html).
A second implementation of the same ideas was the GRID project of the
Russian Ministry of Atomic Energy, 2003 (http://grid.ihep.su/MAG/).
These two implementations are compared in terms of security
and functionality.
Primary author
E. Berdnikov
(INSTITUTE FOR HIGH ENERGY PHYSICS, PROTVINO, RUSSIA)