[AG-DEV] Identity certificates

Thomas D. Uram turam at mcs.anl.gov
Thu Mar 13 01:11:55 CDT 2008


Hi Luis:

There are a few things you need to know in this regard:

- By default, AG3 venues do not require that clients have a certificate 
to enter.  Venues can be optionally configured to require a certificate, 
in which case the user must present a certificate that satisfies the 
access controls on the venue. 

- You can run your own CA and issue your own certificates.  In that 
case, you'll need to make sure your clients have both your CA 
certificate and their personal certificate.

Otherwise, this is general PKI.  If you have other questions, don't 
hesitate to ask.

Tom

On 3/6/08 3:41 PM, Luis Galárraga wrote:
> Greetings:
>
> I am part of project for developing a webinar infraestructure based on 
> Access Grid. After a long discussion in which suggestions in this 
> mailing list were strongly considered, we have decided to implement a 
> simple client for venues (in servers 3.x) using Java Web Start Apps. 
> As you can see, there are many things to do, and developers have 
> started by making tests with the soap interfaces in the our AG server, 
> however they are not clear about the  concepts behind the 
> authentication process. We know AG uses digital certificates for 
> everything: users and services and those certificates are generated by 
> AG developers (after a process request). Can our developer team 
> generate certificates signed by us or it is required your sign? 
> Several people in our university will probably use the system so we 
> would like to have the privilege to generate the certificates. Could 
> someone explain us in a better way, the technical issues behind 
> authentication based on certificates (= how you implemented it)?. I 
> hope you can help us.
>
> Thanks in advance,
>
> Regards,
> Luis Galárraga




More information about the ag-dev mailing list