Addressing credential revocation in grid environments

Abstract

Credential revocation is a critical problem in grid environments and remains unaddressed in existing grid security solutions. We present our ongoing work in designing a novel grid authentication system, based on Globus GSI, that solves the revocation problem. The focus of this work is to ensure instantaneous revocation of both long-term digital identities of hosts/users and short-lived identities of user proxies. Our system employs mediated RSA (mRSA), adapts Boneh's notion of semi-trusted mediators to suit security in virtual organizations and propagates proxy revocation information as in Micali's NOVO-MODO system. We envision that our system would additionally provide a configuration-free security model for end users and fine-grained management of user credentials.