On Sep 10, 2007, at 10:03 AM, Olivier Ricou wrote:
On 10/09/07, at 16h40, John Sanabria <[EMAIL PROTECTED]> wrote:
Hi Olivier,
I understand you, many times it is like crying in the desert. ;-)
Well, at least I can read the sources (argh, perl)...
Now, I suggest you use MyProxy Service for client authentication,
and leave simpleCA for server authentication.
I never used MyProxy (and I should, thanks) but it seems you still
need to make certificates for the users.
For large-scale grid projects, almost every country in the world is
served by a CA that is part of the International Grid Trust
Federation (IGTF). Information about the IGTF and its CA
distribution is available at
http://gridpma.org
IGTF certificates are accepted by almost all of the large-scale grid
projects (LHC computing grid, Open Science Grid, PRAGMA, and many
others) and can be used for authentication, and for use in subsequent
authorization lookups once the person's DN has been registered into
the appropriate membership database for a particular project. The
same certificate DN can be used in many projects, depending only on
the person's own eligibility to participate in any given project.
The disadvantage of making your own CA, rather than obtaining one
through the CA or CAs operating in your region, is that if you make
your own, no one except people you make specific arrangements with
will accept a certificate from a privately-run CA of this nature.
Hence, for large projects, you are better off obtaining a certificate
from an IGTF-accredited CA.
Hope this helps,
Alan Sill, Ph.D
TIGRE Senior Scientist, High Performance Computing Center
Adjunct Professor of Physics
TTU