Proxy Certificate Profile
Douglas E. Engert, Argonne National Laboratory, 12/14/2001


1 Proxy Certificate Profile
Douglas E. Engert
Argonne National Laboratory
12/14/2001

COPYRIGHT STATUS: Documents authored by Argonne National Laboratory employees are the result of work under U.S. Government contract W ENG-38 and are therefore subject to the following license: The Government is granted for itself and others acting on its behalf a paid-up, nonexclusive, irrevocable worldwide license in these documents to reproduce, prepare derivative works, and perform publicly and display publicly by or on behalf of the Government.

2 History - Proxy Certificate Profile
- Globus Project since 1998
  - Globus Security Infrastructure (GSI)
  - Simple version - CN=proxy is added to the issuer's name to make the subject name
  - GSSAPI over SSL using OpenSSL
  - Java implementation too
- Global Grid Forum (GGF) has adopted GSI
- GGF wants IETF involvement in standard
- Hear more about GGF at Plenary Thursday

3 Status - Proxy Certificate Profile
- draft-ietf-pkix-proxy-01.txt
  - Alive and well
- Looking for more comments
  - Subject and issuer name questions
  - Relationship to attribute certs
- Expect an implementation in next few months
  - May also do Java implementation

4 GSI Common Terms
- Identification
  - X509 certificate subject name
- Authentication
  - SSLv3 Mutual authentication
- Authorization
  - Local grid-map file
- Accounting
  - Local Global Local

5 Proxy Certificate Processing
- Delegation of identity
  - Server creates certificate request, key pair
  - Client signs request
  - Client returns certificate
- Subject name plus /CN=proxy
- GSI will accept a proxy as the user
- Locations
- env X509_USER_PROXY
- /tmp/x509up_u

6 Keys and Certificates
[Diagram: keys and certificates held by the CA, the user and the proxy files. Labels: CA, U, Proxy Files, Key, Certificates]
Subject names shown in the diagram:
- U - /C=US/O=Globus/…/CN=Doug/CN=proxy/CN=proxy
- U - /C=US/O=Globus/…/CN=Doug/CN=proxy
- U - /C=US/O=Globus/…/CN=Doug
- CA - /C=US/O=Globus/…/CN=Certification Authority
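The naming rule from slides 2, 5 and 6 written as a chain check, added here as an example (it is not code from the presentation or from Globus). The function names and the sample DNs are constructed for illustration, and the check covers names only: signature and validity-period verification are assumed to happen elsewhere.

```python
"""Added example: the legacy GSI proxy naming rule (subject = issuer + /CN=proxy)."""

PROXY_RDN = ("CN", "proxy")

def parse_dn(dn):
    """Split an OpenSSL-style one-line DN into (type, value) pairs."""
    if not dn.startswith("/"):
        raise ValueError(f"not a one-line DN: {dn!r}")
    rdns = []
    for part in dn.split("/")[1:]:
        if "=" in part:
            key, value = part.split("=", 1)
            rdns.append((key.strip().upper(), value))
        elif rdns:  # the value itself contained '/', e.g. CN=host/gk.example.org
            rdns[-1] = (rdns[-1][0], rdns[-1][1] + "/" + part)
        else:
            raise ValueError(f"malformed DN: {dn!r}")
    return rdns

def gsi_identity(chain, trusted_cas):
    """chain: [(subject, issuer), ...], newest proxy first, CA-issued user cert last.
    Returns the user subject name that the grid-map lookup would use; raises
    ValueError if any name breaks the issuer + /CN=proxy rule."""
    ca_names = [parse_dn(ca) for ca in trusted_cas]
    for i, (subject, issuer) in enumerate(chain):
        subj, iss = parse_dn(subject), parse_dn(issuer)
        if subj[-1] == PROXY_RDN and subj[:-1] == iss:
            # A proxy: the certificate that signed it must come next in the chain.
            if i + 1 == len(chain) or parse_dn(chain[i + 1][0]) != iss:
                raise ValueError(f"no issuer certificate for proxy {subject!r}")
            continue
        # Not a proxy, so it must be the user certificate: CA-issued and last.
        if iss not in ca_names:
            raise ValueError(f"{subject!r} is neither issuer + /CN=proxy nor CA-issued")
        if i + 1 != len(chain):
            raise ValueError("certificates follow the user certificate")
        return subject
    raise ValueError("chain has no CA-issued user certificate")

# Constructed sample names (not taken from the slides).
CA = "/C=US/O=Example Grid/CN=Certification Authority"
USER = "/C=US/O=Example Grid/OU=People/CN=Doug"
GOOD_CHAIN = [(USER + "/CN=proxy/CN=proxy", USER + "/CN=proxy"),
              (USER + "/CN=proxy", USER),
              (USER, CA)]
# A certificate signed with Doug's key but carrying another user's name.
FORGED_CHAIN = [("/C=US/O=Example Grid/OU=People/CN=Alice/CN=proxy", USER),
                (USER, CA)]
```

`gsi_identity(GOOD_CHAIN, [CA])` returns Doug's subject name, while `FORGED_CHAIN` raises `ValueError` because the leaf's subject is not its issuer's name plus /CN=proxy.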

7 grid-proxy-init Program
[Diagram. Labels: CA, U, New Key/Cert-req, Sign, Proxy File, Key, Cert]

8 GSSAPI_SSLEAY - Proxy
[Diagram. Labels: CA, U, G, Certs, Key, Contact, Gridmap, U:username, Tokens, host:port:G, SSLeay, GSSAPI, Client, Gatekeeper]

9 GSSAPI_SSLEAY - Proxy
[Diagram. Labels: CA, G, U, SSL Handshake, Flags, New Key/Cert-req, Cert-req, Sign, Cert]

10 Local Site Authentication
[Diagram. Labels: site1, site2, U-G1, U-G2, U, K5, client, SSLK5, AFS]

