I was curious if anyone has any comments (personal/political/technical)
or could point me to a decent resource comparing Globus versus
Kerberos. I've had to work with Globus quite a bit, and the overall
trend in the existing GSI-based research grids is to move towards
centrally managed cert/key repositories despite the pure GSI notion of
keeping everything distributed. There's a handful of new research
projects that basically take GSI and add that "centralized" portion,
although in my opinion it's starting to resemble a Kerberos
architecture. In my case, in effort to get Globus actually working for
our users, we had to create a similar "centralized" architecture (see
gridauth.com), this ended up purposely abstracting Globus. It's
abstracted in such a way we could easily drop Globus (GSI-based CA) and
replace it with Kerberos or even a simple password hash scheme. For our
users needs this would be perfectly suitable (and transparent), except
politically it would raise hell.
I know a lot of work has gone into building the bridge between Kerberos
and GSI, but in this case it's more a matter of utilizing a secure
authentication mechanism that's easiest to manage centrally (to the
users and developers it's all abstracted behind RESTful web services).
Any thoughts or advice would be appreciated, technical papers or
security reports comparing the two systems would be great as well.
--
Cheers,
Timothy J Warnock
Senior Data Architect - NEESit
San Diego Supercomputer Center
phone: (858) 822-5473
fax: (858) 822-5464
University of California, San Diego
9500 Gilman Drive
La Jolla, CA 92093-0505
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
