Authentication is the act of verifying that the agent you are communicating with really is the same one you believe you’re talking to. This capability is a vital prerequisite for security in many systems, electronic or otherwise. Given the existence of a trusted third party, we can effectively authenticate users and systems in a single locale using Kerberos. Across much larger networks, such as the Internet, we can instead use public keys certified by one of many trusted third parties. Current Grid systems use GSI, a system based on public keys, for the authentication of users and services alike. However, end-users are generally not proficient at handling such keys; they require a support mechanism, or security suffers. We describe how existing technologies – namely, Kerberos 5, PKCROSS and DNSSECbis – can be integrated to support a more usable and featureful authentication infrastructure suitable for a range of public Internet operations, including Grid applications, with fewer central points of failure (and attack), that retains the desirable security and performance attributes of existing approaches, while minimising the costs of deployment, upkeep and maintenance.