Secure Authentication Mechanism Rearchment On Cooperative Computing For Multi-users In Grid

The conception of Cooperative Computing for Multi-users will change the view of people on"computing"thoroughly, for it supplies for a new compute-mode. The concrete realization of Cooperative Computing for Multi-users is Grid system. The Grid system breaks through the restrictions that imposed to it previously, and makes people solving complicated problem more freely and more expediently.With the powerful functions Grid technologies can bring great convenience to scientific researches, much attention must be given to the security of the network applications so that information won't be leak or stolen while using the fast and convenient functions and services. As the first and most impotant defent-line, anthentication is fatal.Existing Grid security certificate models include: centralized CA (Certificate Authority) model, multi-CA model and crossed certificate model. But these models have various defects. While using centralized CA model or multi CA model, managing certificates will be very complicated and the amount of data and update amounts are great by means of adopting general management mode of the centralized model. When adopting crossed certificate model, the selection of the path will arises.This paper researches and designs a fixed certificate model based on X.509 and Kerberos. This model offers such functions as users ID certification, issuing certificate and digital signature. In this model, the issue and management of end-users' certificates is like the centralized model in which an independent certification center issues the certificates and finally ascends a user trusted root certification center. In the Grid environment, diverse"organizations"are classified according to different certificate strategies and comprise different strategy domain combinations. They are connected by strategy servers and the root CA which acting as a management center. However, the root CA is only responsible for managing the"organization"and doesn't take part in issuing certificates and managing work of the end-users and intermediate CA.