LIGO Document T0810038-v1

Reply to Which Certificate Authority Should LIGO Use?

Document #:
Document type:
T - Technical notes
Other Versions:
13 Mar 2009, 08:33
During two teleconferences and exchanges of emails
the authors, along with Michael Helm and Dhiva
Muruganantham from Energy Sciences Network (ESnet)
and John Volmer from the DOEGrids Certificate
Authority (CA) Policy Management Authority,
discussed technical, organizational, and
operational issues around the question of which
certificate authority the LIGO project should use
and what role ESnet staff and resources, including
the DOEGrids CA, might play in the LIGO
authentication and authorization infrastructure.
The discussions were enormously helpful in
clarifying the technical ramifications of the LIGO
use case requirements and led to a fuller
exploration of the solution space than would have
otherwise happened. The authors conclude that the LIGO use
case requirements, aimed at significantly reducing
the burden on LIGO scientists and users, make it
difficult to architect a solution that involves
ESnet in general and the DOEGrids CA in
particular. The most appealing solution identified
that meets the LIGO use case requirements is for
LIGO to operate its own short lived credential
services (SLCS) with deployments located at the
major LIGO Data Grid (LDG) sites to meet the
requirements for robustness against network
Files in Document:
Other Files:
Notes and Changes:
There are two documents included:

- The first is the formal response from John Volmer as
Chairman of the DOE Grids Policy Management Authority. It is
in the form of a letter and directly answers the questions
posed in the document "Which CA Should LIGO Use?" send along with the note above.

- The second is a longer document authored by Jim Basney and
myself as a way to capture some of the discussions and our
own conclusions.

DCC Version 3.3.0, contact Document Database Administrators