Audited credential delegation - a user-centric identity management solution for computational grid environments

Abstract

One major problem faced by end-users and administrators of computational grid environments arise in connection with the usability of the security mechanisms usually deployed in these environments, in particular identity management. Many of the existing computational grid environments use Public Key Infrastructure (PKI) and X.509 digital certificates as a corner stone for their security architectures. However, security solutions based on PKI have to be usable to be effective otherwise they will not provide the intended protection. This paper presents the Audited Credential Delegation (ACD), a user-centric security identity management solution that accommodates users and resource providers security requirements including authentication, authorisation and auditing security goals from the design level. The proposed architecture removes any association between users and digital certificates, which is the source of the grid usability problem, while addressing resource providers concerns with regards to accountability. A prototype of this architecture has been implemented in Java and Web Services technologies using the recommendations of the Open Web Application Security consortium (OWASP) for developing secure software. It is currently being tested on TeraGrid, NGS and DEISA grid infrastructures and a detailed usability study is underway.