GRIDportal RFC01 : authentication mechanism

pages: 01 | 02 | 03 | 04

User interface

Activate account

Your account now has to be activated before use. In order to do this, upload your signed certificate (you should have received it by email) to store it permanently on the server.

username:
password:
certificate:

Design

The signed certificate is uploaded, along with the username and password with which the user registered at GRIDportal.

The certificate is now stored with myProxy. myProxy requires a username/password combo for any given credential stored there, so we use the username/password we already have.

Implementation

The myProxy client utility used to store credentials with myProxy, myproxy-init is an interactive program. Instead, we can use the Authentication.pm perl module from gridport and write a simple client to do this.

The security angle

Once again, the certificate is transferred to GRIDportal. It is then stored in myProxy and removed from GRIDportal. To secure the transfer we can use https.