Integration with Grid Security

PKI-based access control for grid computing

The Condor project at UW-Madison has been engaged in the integration and deployment of PKI technology into middleware for the past 18 months. Led by Professor Miron Livny of Computer Science, and with technical leadership from Todd Tannenbaum, the Condor project (http://www.cs.wisc.edu/condor) has performed research in distributed high-throughput computing for the past 10 years, and maintains the Condor High Throughput Computing software that is used by over two hundred government, academic, and commercial organizations worldwide. Condor is a highly distributed batch system for job scheduling and resource management, and for creating computational "grids" by linking together computational resources across administrative, geographic, and organizational domains. The Condor project budget in FY99 approached $1 million in funding from NSF, the NCSA Alliance, DoE, Microsoft, and several other sources. Condor closely collaborates with the Globus project at Argonne National Labs (http://www.globus.org), and has worked extensively with Globus' GSI (Grid Security Infrastructure) toolkit.

The Condor project would contribute research into wide-scale PKI deployment issues. Condor is a significant and funded participant in the Partners for Advanced Computational Services (PACS) team in the National Computational Science Alliance (see http://www.ncsa.uiuc.edu/alliance/partners/PACS/). The PACS, and through it the UW-Madison Condor project, is specifically responsible for the wide-scale deployment of this advanced infrastructure prototype across all the participating sites in the Alliance, and for the formation of a Virtual Machine Room (VMR, see http://www.ncsa.uiuc.edu/SCD/Alliance/VMR.html). The VMR would ultimately allow scientists nationwide to apply for one account in the VMR, resulting in access to disparate compute resources across many participating supercomputer centers nationwide. The recent formation of the PKI Lab at UW-Madison will facilitate a stronger emphasis on understanding large-scale PKI deployment techniques and methodologies as Condor's PKI-enabled middleware is deployed across the Alliance's many sites.

Another area where the Condor project will contribute and work with the UW-Madison PKI Lab is in certificate and proxy certificate management. Much of the Condor technology runs as daemons or agents; no user is present to enter a pass phrase. Instead, proxy X.509 certificates with expiration dates are being used. What happens when the proxy certificate expires? How can these proxy credentials be kept secure, and how can they be securely refreshed? These are all areas we are excited to have the opportunity to explore. The Condor project will be a significant contributor and collaborator with the UW-Madison PKI Lab in the areas of PKI integration and deployment.

Deliverables:

* Wide-area deployment of PKI technology

* Integration of PKI technology into middleware to empower the end user

* Creation of certificate proxies; proxy and credential management in a batch/agent-based environment

* Authentication across administrative boundaries and administrative systems/infrastructures

* Automated generation of certificates

* Further incorporation of PKI technology into Condor