| Grid is information application service which serves users like a supercomputer by means of using geographically widely distributed computation resources, storage resources, network resources, software resources and information resources etc. Grid technologies have extensive perspective and development scope, but researches concerning it are still on the first step. There are many key technologies which need to be solved. On one hand, the powerful functions Grid technologies can bring great convenience to scientific researches , on the other hand, much attention must be given to the security of the network applications so that information won't be leak or stolen while using the fast and convenient functions and services.Existing Grid security certificate models include: centralized CA (Certificate Authority)model, multi-CA model and crossed certificate model. But these models have various defects. While using centralized CA model or multi CA model, managing certificates will be very complicated and the amount of data and update amounts are great by means of adopting general management mode of the centralized model. When adopting crossed certificate model, the selection of the path will arises.This paper researches and designs a fixed certificate model based on X.509 and Kerberos. This model offers such functions as users ID certification , issuing certificate and digital signature. In this model, the issue and management of end-users' certificates is like the centralized model in which an independent certification center issues the certificates and finally ascends a user trusted root certification center, here called the level-2 trust domain. In the Grid environment, diverse level-2 trust domains are classified according to different certificate strategies and comprise different strategy domain combinations. They are connected by strategy servers and the top level-1 trust domain which acting as a management center. However, the level-1 trust domain is only responsible for managing the level-2 trust domain and doesn't take part in issuing certificates and managing work of the end-users and intermediate CA.
|
PDF Full Text Request