DOEGrids CA Enters Fourth Year of Operation

January 2, 2006


DOEGrids Certificate Authority (CA) entered its fourth year of operation in December 2005 with about 3,500 active certificates, making DOEGrids one of the largest certification authorities in Grid computing. The growth of service and host certificates continues to outpace user certificates.

DOEGrids is supporting development of new technology to improve the usability of DOEGrids PKI by its subscribers, administrators and relying parties. New scripts are under development in the community to automate aspects of the certification workflow, particularly for customers who need to certify hosts in a Grid computing cluster.

In collaboration with partners at LBNL and other research sites, ESnet is developing a credential store service for the Particle Physics Data Grid (PPDG). The credential store service, a kind of continent-wide MyProxy service, will provide network-based storage for Grid credentials and permit a more satisfactory and flexible roaming solution for PPDG users.

ESnet is also developing a short term certificate service with the capability of federating site authentication services and automatically issuing a short term Grid certificate based on a user’s successful login to his site’s authentication service. This certification service will offer a very easy roaming solution to a large subset of the DOE community, and open up Grid computing to a substantially larger population.

DOEGrids CA is valid until 2008, and these new techniques as well as others are under consideration for incorporation into the next generation of the DOEGrids CA, for which the planning process has just begun.