OSG Document 1200-v1

OSG PKI Transition: Experiences and Lessons Learned

Document #:
Document type:
Submitted by:
Von Welch
Updated by:
Von Welch
Document Created:
02 Sep 2014, 13:23
Contents Revised:
02 Sep 2014, 13:23
Metadata Revised:
02 Sep 2014, 13:23
Viewable by:
  • Public document
Modifiable by:

Quick Links:
Latest Version

Over the course of 2012-13 the Open Science Grid (OSG) transitioned the identity management system for its science user community from the DOE Grids public key infrastructure (PKI) to a new OSG PKI. This transition was significant in its scope, touching on nearly all aspects of the OSG infrastructure and community. The transition also entailed the adoption of a commercial certificate service as a key component of OSG’s PKI.
This transition offers a rare opportunity to better understand identity management and how to prepare for and implement changes in an identity management system. In this paper, we describe OSG’s transition and lessons learned from it. We discuss the overall project management approach, including a division of the project into planning, piloting, design, development, implementation and transition phases. We discuss the considered alternatives, both for implementations of the OSG PKI as well as alternatives to a PKI such as federated identity, as well as the criteria we used to make our decision. We conclude with a set of lessons learned from both implementation and in retrospect, and a set of recommendations for other identity systems.
Files in Document:
Notes and Changes:
Paper published at ISGC 2014.
DocDB Home ]  [ Search ] [ Last 20 Days ] [ List Authors ] [ List Events ] [ List Topics ]

Supported by the National Science Foundation and the U.S. Department of Energy's Office of Science Contact Us | Site Map

DocDB Version 8.8.9, contact Document Database Administrators