GRIDportal RFC01 : authentication mechanism

pages: cert_new | cert_sign | myproxy_reg | user_login
Version 1.1
To improve security, a new authentication model was devised. The main threat is seen to be the current practice of sending certificates to the server: a compromised server would allow an attacker to intercept users' private keys. A compromise solution is presented here, which will hopefully both improve security and still accommodate a reasonably user-friendly mechanism.

User interface

Create a certificate

Please be advised that you must enter a valid email address. You will need this address later to complete the registration procedure.
NOTE: Please take great care not to forget the username or password you enter below. There is no way for us to look them up for you; if you become locked out of your account, you will have to register a new one.
first name:
last name:
email address:
organization:
 
username:
password:
Design
All certificate handling is done in a small client application, distributed as a Java app (possibly an applet). The user first creates a certificate as shown. The username and password are stored for later use in a session with myProxy. The supplied password also becomes the password protecting the certificate's private key.
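A sketch of the client-side half of this design, added here as an example and not code from the GRIDportal project: the key pair and certificate signing request are generated locally, only the CSR is handed to the portal for signing, and the private key stays on the client encrypted under the password the user chose on the form. It assumes a Go client (the RFC proposes Java), a constructed sample user, and Go's legacy PEM encryption for the key file, which suffices to show the flow; a production client should store the key as PKCS#8 under a modern KDF.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
)

// ClientEnrollment is what the client application holds after the
// "Create a certificate" form is submitted.
type ClientEnrollment struct {
	EncryptedKeyPEM []byte // never leaves the client; unlocked with the user's password
	CSRPEM          []byte // the only artifact sent to the portal for signing
}

// NewClientEnrollment generates the RSA key pair and a certificate signing
// request locally, then encrypts the private key under the same password the
// user chose for the portal account. The server never sees the private key.
func NewClientEnrollment(firstName, lastName, email, org, password string) (*ClientEnrollment, error) {
	if password == "" {
		return nil, errors.New("a password is required to protect the private key")
	}
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.CertificateRequest{
		Subject:        pkix.Name{CommonName: firstName + " " + lastName, Organization: []string{org}},
		EmailAddresses: []string{email},
	}
	csrDER, err := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	if err != nil {
		return nil, err
	}
	// Legacy PEM encryption (MD5-based key derivation) is used here only because
	// it is in the Go standard library; a real client should prefer PKCS#8 with
	// a modern KDF such as scrypt or PBKDF2 with a high iteration count.
	encBlock, err := x509.EncryptPEMBlock(rand.Reader, "RSA PRIVATE KEY",
		x509.MarshalPKCS1PrivateKey(key), []byte(password), x509.PEMCipherAES256)
	if err != nil {
		return nil, err
	}
	return &ClientEnrollment{
		EncryptedKeyPEM: pem.EncodeToMemory(encBlock),
		CSRPEM:          pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: csrDER}),
	}, nil
}

// UnlockPrivateKey decrypts the locally stored key; a wrong password yields an error.
func UnlockPrivateKey(encryptedKeyPEM []byte, password string) (*rsa.PrivateKey, error) {
	block, _ := pem.Decode(encryptedKeyPEM)
	if block == nil || !x509.IsEncryptedPEMBlock(block) {
		return nil, errors.New("stored key is not an encrypted PEM block")
	}
	der, err := x509.DecryptPEMBlock(block, []byte(password))
	if err != nil {
		return nil, err
	}
	return x509.ParsePKCS1PrivateKey(der)
}

// ParseAndVerifyCSR is the portal-side check before signing: the request must
// parse and its self-signature must verify, which proves the submitter holds
// the matching private key without that key ever being transmitted.
func ParseAndVerifyCSR(csrPEM []byte) (*x509.CertificateRequest, error) {
	block, _ := pem.Decode(csrPEM)
	if block == nil || block.Type != "CERTIFICATE REQUEST" {
		return nil, errors.New("not a PEM certificate request")
	}
	csr, err := x509.ParseCertificateRequest(block.Bytes)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, err
	}
	return csr, nil
}

func main() {
	// Constructed sample user, matching the fields on the "Create a certificate" form.
	e, err := NewClientEnrollment("Jane", "Doe", "jane@example.org", "Example Org", "correct horse battery")
	if err != nil {
		panic(err)
	}
	csr, err := ParseAndVerifyCSR(e.CSRPEM)
	if err != nil {
		panic(err)
	}
	fmt.Printf("CSR for %q verified; sent to portal: %d bytes, kept locally: %d bytes\n",
		csr.Subject.CommonName, len(e.CSRPEM), len(e.EncryptedKeyPEM))
	if _, err := UnlockPrivateKey(e.EncryptedKeyPEM, "wrong password"); err != nil {
		fmt.Println("wrong password rejected:", err)
	}
}
```

The split between `NewClientEnrollment` and `ParseAndVerifyCSR` is the whole point of the design: the portal can validate and sign what it receives, but the only secret it could leak if compromised is the username/password pair the RFC already accepts as the trade-off, not the user's private key.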
Implementation