Comparison and Evaluation of Identity Management in Three Architectures for Virtual Organizations

Abstract

This paper compares and contrasts authentication mechanisms used in three VO architectures: the first reflects ad-hoc connections among several organizations, the second uses a centrally managed database and the third is based on public key infrastructure (PKI). The reason for studying these particular three architectures is that they cover a large class of currently operating VOs (i.e. supply chains, grids). These architectures used several types of authentication mechanisms starting from traditional username/password, through online trusted servers (Kerberos), to offline trusted third parties: certificate authorities and digital certificates. The current defacto-standard middleware used to build VOs, Globus toolkit, is based on the PKI architecture.