Administration
Levels of Assurance
[ GTS: Administrators Guide | Developers Guide | caGrid: Documentation Guides ]
Overview
A Level of Assurance specifies the level of confidence in a given certificate authority. The level of assurance concept is similar to obtaining an identification card, for example obtaining a passport requires extensive documentation and a thorough background check where as obtaining a library card requires much less documentation and background check. When comparing a passport to a library card for identity validation, most would have more confidence in the passport than in the library card.
In the Web/Grid service environments, certificate authorities issue credentials to users. Each certificate authority may apply different policies in issuing credentials. Because of this the level of confidence in the identity represented by the credential will vary between certificate authorities. Level(s) of assurance can be used to group certificate authorities together that enforce similar policies for issuing credentials. For example the federal e-authentication guidelines
specify four levels of assurance, if adopting these guidelines, certificate authorities can be associated with the levels of assurance that they comply to. Clients and Services that are consuming credentials issued by certificate authorities can specify which level(s) of assurance they will accepts credentials from, allowing them to enforce the security policies required for the data they are sharing.
Each level of assurance registered to the GTS has a name and a description. The name uniquely identifies the level of assurance among other levels of assurance. The description provides information describing the level of assurance.
Managing Levels of Assurance
|
The GAARDS UI allows GTS administrators to search for and manage Levels of Assurance registered to the GTS. This can be accomplished by completing the following steps:
After the search has completed, the levels of assurance registered to the GTS you selected will be listed in the table below the Search button. You can view the details of an individual level of assurance by selecting it in the table and by clicking the View button. This will launch Level of Assurance Window for the level of assurance you selected. The level of assurance window contains the following information describing the level of assurance:
If the GTS is the authority for the level of assurance, then the description can be updated by GTS administrators. To accomplish this, make the desired changes to the description and click the Update button. |
|
Add Level of Assurance
|
The GAARDS UI provides a method for GTS administrators to add or register a level of assurance with the GTS. This can be accomplished by completing the following steps:
|
|
Remove Level of Assurance
The GAARDS UI provides a method for GTS administrators to remove a level of assurance from the GTS. This can be accomplished by completing the following steps:
- Launch the GAARDS UI
- Login as a GTS administrator.
- From the Trust Fabric menu, select Levels of Assurance, this will launch the Levels of Assurance Window.
- From the Service drop down select the GTS you wish to remove a level of assurance from.
- Click the Search button, this will list all the Levels of Assurance registered with the selected GTS in the table below.
- Select the Level of Assurance you wish to remove.
- Click the Remove button.