Speaker
John Kewley
(STFC)
Description
Users find applying for and renewing their certificates hard.
In fact one third of the tickets on the UK NGI Helpdesk in the last year
were related to certificates: a common theme being browser issues.
STFC staff have produced a browser-independent tool for managing
the certificates of the UK NGI user community. This tool, combined with
other service improvements, provides a simpler-to-use interface which is
more efficient and fully integrated with our already established
certificate tools.
The NGS runs the world's 2nd largest Grid Certification Authority: the
IGTF-accredited UK e-Science CA. It is trialing several innovations for X.509
authentication, including alternatives to year-long user certificates,
but such certificates will still be needed for some time. The CA certificate
itself is due for renewal in 2011 and so the opportunity is being taken
to make changes at all levels of the service.
Up until now, users have used their browser to apply for and renew
their certificates. As browsers have evolved there have been a variety of
incompatibilities in the way they handle certificates and our list of
unsupported browsers has grown. The solution was to write a stand-alone
tool to manage these certificate requests without involving a browser.
The tool also adds the facility to renew a recently expired certificate and
change details such as the user's email address without having to revoke it
and apply for a new one, as is required now. It has also been merged with our existing
VOMS-enabled MyProxy Upload Tool so that a single tool can be used to manage
all the user's certificate interactions. Further work is already underway
to add interfaces to provide analogous support for host certificates and
for RA Operators to approve both user and host certificate requests.
Although the CA part of our tool is tied in to the UK e-Science CA, the
interface provided is well-defined and would not take too much effort to
generalise for other community CAs, so we are keen to demonstrate its
functionality at the User Forum in Lyon.
Required Facilities
Usual presentation facilities, network access would allow a demonstration.
Duration (90min sessions)
About 15 - 20 minutes would be fine