User Security

From Gcube Wiki
Revision as of 17:20, 30 November 2007 by Andreaturli (Talk | contribs)

Jump to: navigation, search

Security Basics

Basics of User Security. Digital Certificates, CAs etc. Authorization and Authentication procedures

The DILIGENT Security model uses Public Key Infrastructure (PKI) mechanisms to authenticate identities acting in the infrastructure.

Each authenticated invocation must be performed using valid credentials issued by a trusted Certification Authority (CA).

Acquiring a Digital Certificate

The standard procedure for acquiring a Digital Certificate from the appropriate accredited Certification Authority is based on 8 steps. Ask for a CA certificate and install it on your browser. CA policy requests that in your institute a Registration Authority (RA) is defined. A Registration Authority is a person responsible to identify you for CA. So the second step is to go to your local Registration Authority with and ask for a digital certificate. The Registration Authority will start a simple procedure and will give you an ID. Each CA publishes the RA list. With this ID you can compile your personal data to CA portal. The ID verifies them. At this point your browser will ask you for a password (or to define it, if you never used certificates before): this password is used to the encrypt your private key before saving it locally. Then the browser will generate the couple of private-public and it will send your public key to the CA to be signed. Typically in a few days you will receive an email from CA with an URL. Use the same browser and the same machine you used to generate the couple private-public key to connect to that URL. The browser will install your certificate (i.e. your public key signed by CA) and you will be prompted for the password to access to the private key. At this point the certificate plus your private key are saved encrypted on the configuration files of your web browser. You can export on your filesystem to backup it.

Accessing a Community Portal

DILIGENT infrastructure is able to provide credentials to user without a personal certificate. These credentials are generated in a transparently way for the user through the DILIGENT Portal.

In particular DILIGENT portal login phase is subdivided in two main steps:

  • Insert USERNAME and PASSWORD

FirstStep.png

  • Specify the DIGITAL LIBRARIES to load. This choice will affect also the available credentials for the user during the session.

SecondStep.png

In this way the user inherits all the privileges he has in terms of group membership and roles in DILIGENT VOMS.

Retrieved from "https://gcube.wiki.gcube-system.org/index.php?title=User_Security&oldid=3091"