> I wonder how globus is managing these issues... globus leaves trust relationships to the certificate authorities which create accounts and issue CN's (callnames) for grid users.
CN's which have access to a particular machine are listed in a grid mapfile on each machine of the grid. this isn't the only way to do it, but is the most common. here's me on westgrid (edited slightly): "/C=CA/O=Grid/OU=westgrid.ca/CN=andrey mirtchovski_46/Email=mirtchov cpsc ucalgary ca" andrey the CN's are not secret.
