Implementing X.509 security certificate based authentication in a virtual organization

Abstract

In recent years, research institutions have shown great interest in forming Virtual Organizations (VO) as a cost effective alternative to maintaining dedicated resources for computationally intensive tasks. Shibboleth is an infrastructure used to provide the facility of single sign-on in many VOs. However, implementation of the Shibboleth infrastructure is a huge challenge that entails conformance to the policies of the institution that participates in the VO. Therefore in the absence of a Shibboleth authentication mechanism at a user's home institution, it may not be possible for users of a participating institution to access resources belonging to other institutions in the VO. This thesis addresses the issue of authenticating users who do not possess Shibboleth credentials, but are authentic users that need access to the resources in a VO. Lately, X.509 security certificates have gained immense popularity as a method for verifying the identity of a person. These certificates can be used to authenticate users on any system that trusts the certificate's signing Certificate Authority. Incorporating support for certificate-based authentication in the VO helps to authenticate users that belong to the research environment, but do not necessarily have Shibboleth credentials. Thus, certificate-based authentication increases the resource providing capability of the research environment by servicing all the users that are entitled to use resources in the VO.