Re: [AG-TECH] Certificates doubts

["Thomas D. Uram" <turam@xxxxxxxxxxx>]

On 6/18/06 9:42 AM, carlosperezs@xxxxxxxxxxxxxxxx wrote:
> Halloo together:
>
> I come from the University of Vigo, Galiza, Spanien. It hat several Venue
> Servers for AccessGrid. One of them, is use to test Sw.
> What I would like to do is to create a Certificate Server for this Venue Server
> and for the clients that will use this Venues Server, in order to be uusedthis
> Venue only by little users. Is it possibly?
>   
You don't have to issue your own certificates to control who can access 
your venues.  You could use the authorization mechanisms in the Access 
Grid sofware to limit access to only those users you wish to allow.
Of course, if you want to use your own certificates, you could do that 
instead.  In that case, you would
only be allowing certificates that you had issued, and it would be 
checked at the transport level.
> Besides i have 2 doubts about the certificates:
>
> When I connect to a Venue Server, my client venue send my anonym certificate. 
> The server validate it and send to my client its own certificate. After , occurs
>
> the mutual autenthification . Is it correct?
>   
On connect, the client and server validate each other's certificate 
chain, and the server authorizes
the client based on its identity and the current venue authorization policy.
> For the validityng process venue server asks to the Certificate Authoritat
> (Argonne ) if my Certificate is or not out of date. s it correct?
>
>   
The certificate validity dates are checked locally and by the server.  
There is no communication
with the certificate authority regarding the validity of your 
certificate.  This would be done using
a Certificate Revocation List (CRL) and some mechanism for performing a 
check against the CRL,
but we don't currently do any such checking.

Tom