OSG PKI transition: Experiences and lessons learned

Von Welch; Alain Deximo; Soichi Hayashi; Viplav D. Khadke; Rohan Mathure; Robert Quick; Mine Altunay; Chander S. Sehgal; Anthony Tiradani; Jim Basney

OSG PKI transition: Experiences and lessons learned

Von Welch, Alain Deximo, Soichi Hayashi, Viplav D. Khadke, Rohan Mathure, Robert Quick, Mine Altunay, Chander S. Sehgal, Anthony Tiradani, Jim Basney

National Center for Supercomputing Applications (NCSA)

Research output: Contribution to journal › Conference article › peer-review

Abstract

Over the course of 2012-13 the Open Science Grid (OSG) transitioned the identity management system for its science user community from the DOE Grids public key infrastructure (PKI) to a new OSG PKI. This transition was significant in its scope, touching on nearly all aspects of the OSG infrastructure and community. The transition also entailed the adoption of a commercial certificate service as a key component of OSG's PKI. This transition offers a rare opportunity to better understand identity management and how to prepare for and implement changes in an identity management system. In this paper, we describe OSG's transition and lessons learned from it. We discuss the overall project management approach, including a division of the project into planning, piloting, design, development, implementation and transition phases. We discuss the considered alternatives, both for implementations of the OSG PKI as well as alternatives to a PKI such as federated identity, as well as the criteria we used to make our decision. We conclude with a set of lessons learned from both implementation and in retrospect, and a set of recommendations for other identity systems.

Original language	English (US)
Article number	007
Journal	Proceedings of Science
Volume	23-28-March-2014
State	Published - 2014
Event	International Symposium on Grids and Clouds, ISGC 2014 - Taipei, Taiwan, Province of China Duration: Mar 23 2014 → Mar 28 2014

ASJC Scopus subject areas

General

Library availability

Discover UIUC Full Text

Cite this

@article{10dd9902e39b4acba3328f3fc5586295,

title = "OSG PKI transition: Experiences and lessons learned",

abstract = "Over the course of 2012-13 the Open Science Grid (OSG) transitioned the identity management system for its science user community from the DOE Grids public key infrastructure (PKI) to a new OSG PKI. This transition was significant in its scope, touching on nearly all aspects of the OSG infrastructure and community. The transition also entailed the adoption of a commercial certificate service as a key component of OSG's PKI. This transition offers a rare opportunity to better understand identity management and how to prepare for and implement changes in an identity management system. In this paper, we describe OSG's transition and lessons learned from it. We discuss the overall project management approach, including a division of the project into planning, piloting, design, development, implementation and transition phases. We discuss the considered alternatives, both for implementations of the OSG PKI as well as alternatives to a PKI such as federated identity, as well as the criteria we used to make our decision. We conclude with a set of lessons learned from both implementation and in retrospect, and a set of recommendations for other identity systems.",

author = "Von Welch and Alain Deximo and Soichi Hayashi and Khadke, {Viplav D.} and Rohan Mathure and Robert Quick and Mine Altunay and Sehgal, {Chander S.} and Anthony Tiradani and Jim Basney",

note = "Publisher Copyright: {\textcopyright} Copyright owned by the author(s) under the terms of the Creative Commons Attribution-NonCommercial-ShareAlike Licence.; International Symposium on Grids and Clouds, ISGC 2014 ; Conference date: 23-03-2014 Through 28-03-2014",

year = "2014",

language = "English (US)",

volume = "23-28-March-2014",

journal = "Proceedings of Science",

issn = "1824-8039",

publisher = "Sissa Medialab Srl",

}

TY - JOUR

T1 - OSG PKI transition

T2 - International Symposium on Grids and Clouds, ISGC 2014

AU - Welch, Von

AU - Deximo, Alain

AU - Hayashi, Soichi

AU - Khadke, Viplav D.

AU - Mathure, Rohan

AU - Quick, Robert

AU - Altunay, Mine

AU - Sehgal, Chander S.

AU - Tiradani, Anthony

AU - Basney, Jim

N1 - Publisher Copyright: © Copyright owned by the author(s) under the terms of the Creative Commons Attribution-NonCommercial-ShareAlike Licence.

PY - 2014

Y1 - 2014

N2 - Over the course of 2012-13 the Open Science Grid (OSG) transitioned the identity management system for its science user community from the DOE Grids public key infrastructure (PKI) to a new OSG PKI. This transition was significant in its scope, touching on nearly all aspects of the OSG infrastructure and community. The transition also entailed the adoption of a commercial certificate service as a key component of OSG's PKI. This transition offers a rare opportunity to better understand identity management and how to prepare for and implement changes in an identity management system. In this paper, we describe OSG's transition and lessons learned from it. We discuss the overall project management approach, including a division of the project into planning, piloting, design, development, implementation and transition phases. We discuss the considered alternatives, both for implementations of the OSG PKI as well as alternatives to a PKI such as federated identity, as well as the criteria we used to make our decision. We conclude with a set of lessons learned from both implementation and in retrospect, and a set of recommendations for other identity systems.

AB - Over the course of 2012-13 the Open Science Grid (OSG) transitioned the identity management system for its science user community from the DOE Grids public key infrastructure (PKI) to a new OSG PKI. This transition was significant in its scope, touching on nearly all aspects of the OSG infrastructure and community. The transition also entailed the adoption of a commercial certificate service as a key component of OSG's PKI. This transition offers a rare opportunity to better understand identity management and how to prepare for and implement changes in an identity management system. In this paper, we describe OSG's transition and lessons learned from it. We discuss the overall project management approach, including a division of the project into planning, piloting, design, development, implementation and transition phases. We discuss the considered alternatives, both for implementations of the OSG PKI as well as alternatives to a PKI such as federated identity, as well as the criteria we used to make our decision. We conclude with a set of lessons learned from both implementation and in retrospect, and a set of recommendations for other identity systems.

UR - http://www.scopus.com/inward/record.url?scp=84976287425&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84976287425&partnerID=8YFLogxK

M3 - Conference article

AN - SCOPUS:84976287425

SN - 1824-8039

VL - 23-28-March-2014

JO - Proceedings of Science

JF - Proceedings of Science

M1 - 007

Y2 - 23 March 2014 through 28 March 2014

ER -

OSG PKI transition: Experiences and lessons learned

Abstract

ASJC Scopus subject areas

Library availability

Related links

Fingerprint

Cite this