OSG Document 1097-v1

OSG DigiCert Pilot Report

Document #:
OSG-doc-1097-v1
Document type:
Technical Reports
Submitted by:
Von Welch
Updated by:
Von Welch
Document Created:
28 Mar 2012, 10:24
Contents Revised:
28 Mar 2012, 10:24
DB Info Revised:
28 Mar 2012, 10:24
Viewable by:
  • Public document
Modifiable by:
Abstract:
The Open Science Grid (OSG) operates a public key infrastructure (PKI) as part of its identity management system to allow for authentication of users and services, and to allow for the expression of virtual organization (VO) membership. A key component of the OSG’s PKI is a certificate authority (CA) operated by ESnet: the DOE Grids CA. DOE is transitioning out of the business of operating the DOE Grids CA. OSG evaluated its options and concluded it needed a CA whose policies were tailored to its needs and can not at this time rely on an existing (or combination of existing) CA operated by a third party. Given this decision, the two options apparently available to OSG were choosing between setting up its own CA, or contracting with DigiCert, a commercial company, to operate a CA for OSG.

A pilot, running from November 2011 through January 2012, was initiated to determine if contracting with DigiCert is a viable option for OSG. Additionally, if contracting with DigiCert is a viable option, could OSG establish a front-end service that both put the user experience under the control of OSG and could allow OSG, at some unspecified later date, to migrate from DigiCert to another CA without changing the user experience?

Files in Document:
Keywords:
PKI
DocDB Home ]  [ Search ] [ Last 20 Days ] [ List Authors ] [ List Events ] [ List Topics ]

Supported by the National Science Foundation and the U.S. Department of Energy's Office of Science Contact Us | Site Map

DocDB Version 8.7.23, contact Document Database Administrators