Certificate Management stuff

Robert Olson olson at mcs.anl.gov
Wed Jan 28 13:25:29 CST 2004


>There are solutions to the "certificate on every machine" that can alleviate
>the problem without doing the online ca thing, right? What are those
>solutions? Have you looked at what's already available in the pyGlobus
>MyProxy interfaces?

Either solution would require similar up-front infrastructure, involving 
determing which (online CA / my proxy server / what login name), to use for 
a given connection to a server.

>I guess all I'm saying is there is a lot of discussion that needs to happen,
>discussion before cvs commits is always good, especially when it's used to
>gain support for your development plans. That one of the main points of
>having the AGEP process, we need to convince each other, during that process
>many opportunities for improving our plans may be exposed. I'm not against
>your plan, just want to make sure it's the best one before I can say, "yeah,
>that's the way to go."

The point is that I'm not yet convinced myself of how this needs to be 
done, and need to do the groundwork to determine it. I want to do this 
groundwork before we do a major release so that we don't get nailed for 
having missed some piece of underlayment that was required but would be 
more work than we want to put into a minor release later on.

> > Like I said; the first set of changes is largely in place
> > already but we need to get newer pyGlobus (with the
> > exceptions support) in place for people or it will break; I'd
> > rather not add code to handle both old and new pyGLobus.
>
>This is something Matt is working on, right? Are you keeping in synch with
>him so this enables you as quickly as possible?

I'm enabled :-) it's the rest of the group that would get hit. I'm assuming 
since I've not heard otherwise that he's seen the changes (since I sent 
them out on the topic earlier) and he'll drop by with questions as they 
occur. I'll give him a poke too.

--bob 




More information about the ag-dev mailing list