Daniel Kouril wrote:
That would be a perfect use of a NIM Identity Provider.

A proxy certificate is derived from a standard X.509 certificate of a user and is signed not by a CA but with the private key corresponding to the user's X.509 certificate (or another proxy down the path). So, the principle is similar to that of the kCA but no service is contacted and key generation and signing are done locally. The resulting proxy certificate resembles a Kerberos ticket - its life is short and it is accessible to the user's grid applications transparently.

We also use proxy certificates to store some authorization data (such as a signed list of groups), which is later used by services to make access control decisions. NIM gives us a user interface to manage proxies and embedded authorization attributes.
As soon as we have a template for an Identity Provider we will contact you.
_______________________________________________ kfwdev mailing list kfwdev@mit.edu http://mailman.mit.edu/mailman/listinfo/kfwdev
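The local derivation described in the message above, sketched as an added example that is not part of the original thread or of any project's code: a fresh key pair is generated locally, signed with the user's private key into a short-lived certificate, and then checked against the user's certificate. It assumes the third-party Python `cryptography` package, uses a self-signed certificate with constructed names as a stand-in for the user's CA-issued one, and omits the ProxyCertInfo extension that RFC 3820 requires on real proxy certificates as well as any embedded authorization attributes.

```python
import datetime as dt
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID

def _issue(subject, issuer, public_key, signing_key, lifetime):
    now = dt.datetime.now(dt.timezone.utc)
    return (x509.CertificateBuilder()
            .subject_name(subject).issuer_name(issuer).public_key(public_key)
            .serial_number(x509.random_serial_number())
            .not_valid_before(now - dt.timedelta(minutes=5))
            .not_valid_after(now + lifetime)
            .sign(signing_key, hashes.SHA256()))

def make_user(cn="Example User"):
    # Assumption: self-signed stand-in for a CA-issued user certificate.
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    return _issue(name, name, key.public_key(), key, dt.timedelta(days=365)), key

def make_proxy(user_cert, user_key, hours=12):
    """Generate a new key pair locally and sign it with the user's key."""
    proxy_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    # Proxy subject = user's subject plus one extra CN component.
    subject = x509.Name(list(user_cert.subject) +
                        [x509.NameAttribute(NameOID.COMMON_NAME, "proxy")])
    cert = _issue(subject, user_cert.subject, proxy_key.public_key(),
                  user_key, dt.timedelta(hours=hours))
    return cert, proxy_key

def _end(cert):  # not_valid_after_utc exists only in newer cryptography releases
    return (getattr(cert, "not_valid_after_utc", None)
            or cert.not_valid_after.replace(tzinfo=dt.timezone.utc))

def verify_proxy(proxy, user_cert):
    """True if the proxy is signed by the user's key, extends the user's
    subject, has not expired, and does not outlive the user's certificate."""
    try:
        user_cert.public_key().verify(
            proxy.signature, proxy.tbs_certificate_bytes,
            padding.PKCS1v15(), proxy.signature_hash_algorithm)
    except InvalidSignature:
        return False
    return (proxy.issuer == user_cert.subject
            and list(proxy.subject)[:-1] == list(user_cert.subject)
            and dt.datetime.now(dt.timezone.utc) <= _end(proxy) <= _end(user_cert))
```

A relying service would additionally validate the user's certificate against its trusted CAs before accepting the proxy.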