OSG PKI transition: Experiences and lessons learned

Von Welch, Alain Deximo, Soichi Hayashi, Viplav D. Khadke, Rohan Mathure, Robert Quick, Mine Altunay, Chander S. Sehgal, Anthony Tiradani, Jim Basney

Research output: Contribution to journalConference articlepeer-review


Over the course of 2012-13 the Open Science Grid (OSG) transitioned the identity management system for its science user community from the DOE Grids public key infrastructure (PKI) to a new OSG PKI. This transition was significant in its scope, touching on nearly all aspects of the OSG infrastructure and community. The transition also entailed the adoption of a commercial certificate service as a key component of OSG's PKI. This transition offers a rare opportunity to better understand identity management and how to prepare for and implement changes in an identity management system. In this paper, we describe OSG's transition and lessons learned from it. We discuss the overall project management approach, including a division of the project into planning, piloting, design, development, implementation and transition phases. We discuss the considered alternatives, both for implementations of the OSG PKI as well as alternatives to a PKI such as federated identity, as well as the criteria we used to make our decision. We conclude with a set of lessons learned from both implementation and in retrospect, and a set of recommendations for other identity systems.

Original languageEnglish (US)
Article number007
JournalProceedings of Science
StatePublished - Jan 1 2014
EventInternational Symposium on Grids and Clouds, ISGC 2014 - Taipei, Taiwan, Province of China
Duration: Mar 23 2014Mar 28 2014

ASJC Scopus subject areas

  • General


Dive into the research topics of 'OSG PKI transition: Experiences and lessons learned'. Together they form a unique fingerprint.

Cite this