EuroPKI'05 Proceedings of the Second European conference on Public Key Infrastructure
An innovative policy-based cross certification methodology for public key infrastructures
EuroPKI'05 Proceedings of the Second European conference on Public Key Infrastructure
Interoperable grid PKIs among untrusted domains: an architectural proposal
GPC'07 Proceedings of the 2nd international conference on Advances in grid and pervasive computing
The CloudGrid approach: Security analysis and performance evaluation
Future Generation Computer Systems
Hi-index | 0.00 |
Nowadays the computational Grid uses X.509 digital certificates for a wide variety of security-related tasks, ranging from user authentication to job execution's delegation. However to ensure a comprehensive security framework such credentials need to be validated so that revoked, suspended and any other compromised certificate will not be allowed to access Grid resources. To achieve such tasks great interest is being given to the Online Certificate Status Protocol (OCSP) in security workgroups from the Global Grid Forum. In order to better understand the special requirements related with its use in previous work we introduced the Open GRid Ocsp API (OGRO), which provides OCSP support to the Globus Toolkit 4. However that research concluded that the Grid introduces some special requisites for OCSP's performance and security. As a follow-up to that work, this paper provides a comprehensive performance comparison between the novel Prevalidation and Caching mechanisms proposed by the authors to further improve Grid-OCSP. In addition, research about security compliance of both mechanisms around the newest Proxy Revocation concept is also presented in this work.