{"title":"Audited credential delegation: A sensible approach to grid authentication","authors":"B. Beckles, A. Haidar, S. Zasada, P. Coveney","doi":"10.1109/ESCIW.2009.5407980","DOIUrl":null,"url":null,"abstract":"If the authentication process in a computational grid environment is difficult for end-users, they will either be unable to use the system at all, or, in their attempts to circumvent the aspects of the authentication process which they find “difficult”, they will probably increase the likelihood of a security compromise of the system. In this paper we examine a proposed authentication architecture, audited credential delegation (ACD), that uses the familiar username/password paradigm to improve the usability (and so the security) of the authentication process in these environments. We report on a usability trial of this architecture in which it is compared to the traditional PKI-based authentication used in many existing computational grid environments. We also discuss how this architecture suggests that computational grid resource providers (and potentially the Certificate Authorities accepted by these providers) need to rethink their “one digital certificate = one user” security model.","PeriodicalId":416133,"journal":{"name":"2009 5th IEEE International Conference on E-Science Workshops","volume":"22 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 5th IEEE International Conference on E-Science Workshops","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ESCIW.2009.5407980","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 4
Abstract
If the authentication process in a computational grid environment is difficult for end-users, they will either be unable to use the system at all, or, in their attempts to circumvent the aspects of the authentication process which they find “difficult”, they will probably increase the likelihood of a security compromise of the system. In this paper we examine a proposed authentication architecture, audited credential delegation (ACD), that uses the familiar username/password paradigm to improve the usability (and so the security) of the authentication process in these environments. We report on a usability trial of this architecture in which it is compared to the traditional PKI-based authentication used in many existing computational grid environments. We also discuss how this architecture suggests that computational grid resource providers (and potentially the Certificate Authorities accepted by these providers) need to rethink their “one digital certificate = one user” security model.