Description
Detailed analysis
For the P-GRADE grid portal, MyProxy is adopted to generate a proxy certificate. MyProxy generates a user's proxy certificate based on the user's previously uploaded security credential information. As this approach is impossible for a smart card due to its private key protection, we decided to build in a toolkit allowing smart card users to use the open grid infrastructure. In accomplishing this we encountered development problems, particularly in integrating the new proxy certificate with the gLite services. The details of the various problems that occurred throughout the development and integration will be discussed. We notice that the failure of integration is due to a single common issue, which is mapping the user Distinguished Name (DN) value to all the required gLite services. Resolving the DN mapping issue will finally result in seamless integration of smart card technology into the grid infrastructure.
Keywords
Proxy Certificate, MyProxy, P-Grade Grid Portal, single sign-on, PKI, Malaysia National ID (MyKAD)
Impact
Work on the usage of a proxy certificate issued from a smart card user's credential has shown:
• Interpretation of the user DN is different between the VOMS Admin portal and the VOMS command line, which makes the voms-proxy-init command unsuccessful
• The status of grid job submission varies between the P-Grade portal, the globus-job-submit command and the glite-wms-job-submit command
Impact
• Enhanced security by using the private key that resides in a smart card to generate the proxy certificate, eliminating MyProxy as the proxy certificate provider.
• Allows the Public Key Infrastructure (PKI) community to participate in the grid infrastructure. The Malaysian National Identity Card (MyKAD), which contains the PKI application, is ready to fully utilize the P-Grade architecture and its services.
• A standard guide for interpreting user DN extraction is required. Thus, user DN string comparison between the smart card user's credential and the gLite services will have zero error tolerance.
URL for further information
http://pgrade.knowledgegrid.net.my:8080/gridsphere/gridsphere
Conclusions and Future Work
The development has marked the successful integration of direct proxy certificate issuance from a smart card with the gLite middleware services. The challenges are due to the different ways of interpreting the user DN value. Various user DN values appear in different gLite middleware services because different applications are used to generate the DN value. In future, further development and testing are required to welcome the participation of direct proxy certificate issuance.
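One way to make the DN comparison described above tolerant of rendering differences while keeping the final match exact, as an added example that is not code from P-GRADE, gLite or VOMS. It assumes the differences are of three common kinds (slash versus comma ordering, alternate spellings of the e-mail attribute type, and a trailing proxy CN); the abstract does not list the actual differences, and all sample DNs are constructed.

```python
import re

# Alternate spellings of the e-mail attribute type (assumed set for this example).
ALIASES = {"E": "EMAILADDRESS", "EMAIL": "EMAILADDRESS"}
LEGACY_PROXY_CNS = {"proxy", "limited proxy"}

def parse_dn(dn):
    """Return [(TYPE, value), ...] with the most significant RDN first."""
    dn = dn.strip()
    if dn.startswith("/"):
        # Slash form: split only where "/type=" starts, so a "/" inside a
        # value (CN=host/node1.example.org) is kept.
        parts = re.split(r"/(?=[A-Za-z0-9.]+=)", dn[1:])
    else:
        # Comma form lists the most specific RDN first: split on unescaped
        # commas and reverse. Multi-valued RDNs ("+") are not handled.
        parts = [p.strip() for p in re.split(r"(?<!\\),", dn)][::-1]
    rdns = []
    for part in parts:
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        attr = attr.strip().upper()
        value = re.sub(r"\\(.)", r"\1", value.strip())  # drop escapes
        rdns.append((ALIASES.get(attr, attr), value))
    return rdns

def strip_proxy_rdns(rdns):
    """Drop trailing proxy CNs (legacy names or an all-digit CN).
    Name-based heuristic: real middleware decides from the validated chain."""
    rdns = list(rdns)
    while len(rdns) > 1 and rdns[-1][0] == "CN" and (
            rdns[-1][1] in LEGACY_PROXY_CNS or rdns[-1][1].isdigit()):
        rdns.pop()
    return rdns

def canonical_dn(dn):
    """One canonical string per identity, compared with exact equality."""
    return "".join(f"/{t}={v}" for t, v in strip_proxy_rdns(parse_dn(dn)))

# Constructed sample DNs: one identity as three tools might print it.
SLASH = "/C=MY/O=Example Grid/OU=Users/CN=Ali Bin Ahmad/Email=ali@example.org"
COMMA = "emailAddress=ali@example.org, CN=Ali Bin Ahmad, OU=Users, O=Example Grid, C=MY"
PROXY = SLASH.replace("/Email=", "/emailAddress=") + "/CN=proxy"

if __name__ == "__main__":
    for dn in (SLASH, COMMA, PROXY):
        print(canonical_dn(dn))
```

Attribute values stay case-sensitive and are never fuzzy-matched, so two DNs that differ in any value remain different identities after canonicalization.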