Enabling the Provisioning and Management of a Federated Grid Trust Fabric

In order to authenticate and authorize users and other peer-services, Grid services need to maintain a list of authorities that they trust as a source for issuing credentials. Grids inherently span multiple institutional administration domains and aim to support the sharing of applications, data, and computational resources in a collaborative environment. In this environment there may exist hundreds of certificate authorities, each issuing hundreds if not thousands of certificates. In such a dynamic multi-institutional environment with tens of thousands of users, credentials will be issued and revoked frequently, and new authorities will be added regularly. Clearly a Grid-wide mechanism is needed for maintaining and provisioning trusted certificate authorities, such that Grid services and users may make authentication and authorizations decisions against the most up-to-date trust information. In this paper we present the design and implementation of the Grid Trust Service (GTS), a federated framework for creating and managing a Grid trust fabric, enabling the provisioning of certificate authority information.