Many clients and services (including caGrid) leverage the Globus Toolkit as their underlying framework. Globus requires the use of PKI credentials for authentication. A PKI credential consists of an X.509 certificate and a private key; the X.509 certificate is signed by a certificate authority. When authenticating a party, Globus ensures that the party is the holder of the private key bound to the X.509 certificate it presents and that the certificate presented is signed by a trusted certificate authority. Globus maintains the list of certificate authorities that it trusts in a trust store on the local file system. Although this is effective, it is very limiting and difficult to manage, because every time (1) a new certificate authority is trusted, (2) an existing certificate authority is no longer trusted, or (3) a certificate authority updates its CRL, the local trust stores of all clients and services need to be updated. Under the core Globus release this is a manual process, which is not scalable in large distributed Grids.
The Grid Trust Service (GTS) is a grid service for managing the certificate authorities (and CRLs) that are trusted by a community. The GTS provides a tool called SyncGTS, which keeps the local trust stores of all clients and services in sync with the certificate authorities that are trusted by the GTS. With SyncGTS, the local trust store for each client and service is updated each time a new certificate authority is added to the GTS, each time a certificate authority is removed from the GTS, and each time the CRL for a certificate authority is updated.
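The three update cases above (CA added, CA removed, CRL changed) amount to reconciling a local directory against an authoritative list. The following is an added example, not SyncGTS code or its API: it assumes a trust store directory holding `<id>.0` for each CA certificate and `<id>.r0` for its CRL (the naming Globus uses, with the certificate's subject hash as `<id>`), and the function names, the shape of the `trusted` dictionary and the sample data are hypothetical.

```python
import os
import tempfile
from pathlib import Path

def desired_files(trusted):
    """File name -> bytes for every trusted CA (assumed layout: <id>.0 cert, <id>.r0 CRL)."""
    files = {}
    for ca_id, entry in trusted.items():
        files[ca_id + ".0"] = entry["cert"]
        if entry.get("crl") is not None:
            files[ca_id + ".r0"] = entry["crl"]
    return files

def plan_sync(trusted, store_dir):
    """Sorted (action, file name) pairs that bring store_dir in line with trusted."""
    want = desired_files(trusted)
    have = {f for f in os.listdir(store_dir) if f.endswith((".0", ".r0"))}
    plan = [("remove", n) for n in have - set(want)]      # CA no longer trusted
    for name, data in want.items():
        if name not in have:
            plan.append(("add", name))                    # newly trusted CA
        elif (Path(store_dir) / name).read_bytes() != data:
            plan.append(("update", name))                 # e.g. refreshed CRL
    return sorted(plan)

def apply_sync(trusted, store_dir):
    """Apply the plan; each write is temp file + rename so readers never see a partial file."""
    want, plan = desired_files(trusted), plan_sync(trusted, store_dir)
    for action, name in plan:
        path = os.path.join(store_dir, name)
        if action == "remove":
            os.remove(path)
            continue
        fd, tmp = tempfile.mkstemp(dir=store_dir)
        with os.fdopen(fd, "wb") as fh:
            fh.write(want[name])
        os.replace(tmp, path)
    return plan

def demo():
    """Constructed data: aaaa1111 is dropped, bbbb2222 gets a new CRL, cccc3333 is new."""
    old = {"aaaa1111.0": b"ca-a", "aaaa1111.r0": b"crl-a",
           "bbbb2222.0": b"ca-b", "bbbb2222.r0": b"crl-b-v1"}
    trusted = {"bbbb2222": {"cert": b"ca-b", "crl": b"crl-b-v2"},
               "cccc3333": {"cert": b"ca-c", "crl": None}}
    with tempfile.TemporaryDirectory() as store:
        for name, data in old.items():
            Path(store, name).write_bytes(data)
        return apply_sync(trusted, store), sorted(os.listdir(store))
```

Removing a CA also removes its stale CRL file, since neither name is in the desired set. `mkstemp` creates files with mode 0600, so a trust store read by other accounts needs the mode set before the rename.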
SyncGTS provides many configuration options to clients and services. These include syncing with multiple GTSs and specifying level-of-assurance requirements. SyncGTS also provides several deployment options, making it adaptable and easy to integrate with many types of systems. These deployment options include:
Globus Runtime - SyncGTS is deployed directly into a container hosting Web/Grid services, keeping the entire container and the services operating in it in sync with the trust fabric.
Command Line - The command line approach is intended to be used to sync client environments with the trust fabric.
Programmatically - SyncGTS provides a client API that allows developers to integrate SyncGTS into applications and other software projects.