Summary final report "Use of short-lived certificates in portal-based grids (GapSLC)"
The GapSLC project aimed to develop alternative methods for authentication and authorization in grids. The work focused on three use cases coming from the participating grid communities. For users without a conventional grid certificate, a portal delegation mechanism is implemented in which the grid portal generates a certificate request for short-lived certificates (SLC) on behalf of the user. Shibboleth is used to authenticate the user against a federation of distributed Identity Providers. The whole process of certificate request and handling is transparent to the user. SAML-based authorization information from the identity providers and the virtual organization is collected at the portal and embedded into the proxy certificate for the grid job. It can be used for fine-grained authorization at the resource provider site. For the use case of grid jobs of a more general character (e.g. monitoring), robot certificates can be used. Discussions with DFN during the project phase led to a new policy accredited by EUGrid-PMA. A concept for integrating robot certificates into D-Grid was developed. The basic idea is to partition the resources: on one part only personal certificates are allowed, whereas on the other (separate) part grid jobs with robot certificates can be accepted. The developed software can be downloaded from the project websites.